| From: | "Tim Bruce - Postgres" <postgres(at)tbruce(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Sam Mason" <sam(at)samason(dot)me(dot)uk>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to know the password for the user 'postgres' |
| Date: | 2008-10-28 14:13:38 |
| Message-ID: | 60638.192.168.8.16.1225203218.squirrel@sm.tbruce.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, October 28, 2008 05:57, Tom Lane wrote:
> Sam Mason <sam(at)samason(dot)me(dot)uk> writes:
>> On Tue, Oct 28, 2008 at 10:42:47AM +0100, Thomas wrote:
>>> An easy trick I have found to set postgres password: $ sudo passwd
>>> postgres, and now you can type a new password. So now you can switch
>>> user with: $ su postgres, and then connect to the DB with psql.
>
>> Won't that allow logins to the postgres account then?
>
> True, but that might be safer overall than giving out sudo privileges.
> If the sysadmin and the DBA are the same person it hardly matters,
> but if you want the DBA to not have root, then giving him a password for
> the postgres account is the best way. So it all depends on your
> local situation ...
>
> regards, tom lane
>
Wouldn't it be better to add the line 'sudo su - postgres' as the entry
(command) for the user(s) in the sudoers file? This would specifically
limit the user(s) to only being able to change to the postgres user's
context.
I think this goes to overall system security, just like the security
methods wrapped around PostgreSQL itself. Weakening system security is no
different than weakening access to the database.
Tim
--
Timothy J. Bruce
Registered Linux User #325725
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Reid Thompson | 2008-10-28 14:35:22 | Re: Piping CSV data to psql when executing COPY .. FROM STDIN |
| Previous Message | Allan Kamau | 2008-10-28 14:09:31 | Re: Piping CSV data to psql when executing COPY .. FROM STDIN |