From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Sebastian P(dot) Luque" <spluque(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: authentication/privileges |
Date: | 2013-05-10 16:19:11 |
Message-ID: | 9159.1368202751@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
"Sebastian P. Luque" <spluque(at)gmail(dot)com> writes:
> With peer authentication, one can only login as postgres from a local
> connection. I'm not sure what password the postgres user was set up in
> the OS, however, I assigned one to it (the same as for the PostgreSQL
> user). I've read somewhere that the postgres OS user should be left
> locked without password, although it's not clear what was meant by
> "locked".
It's fairly common for distro-supplied packages to create a postgres
OS user but not assign it any password. In that state, the only way to
become postgres is to "su" to it from root, or perhaps from a sudoer
account with root-equivalent privileges. While that might be okay
for machines with just one person administering everything, I can't
say that I think it's recommendable practice in general: you don't
want to have to give somebody root to let them admin the database.
Better to give the postgres user a password.
regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
From | Date | Subject | |
---|---|---|---|
Next Message | Merlin Moncure | 2013-05-10 16:21:35 | Re: Deploying PostgreSQL on CentOS with SSD and Hardware RAID |
Previous Message | Evan D. Hoffman | 2013-05-10 16:11:07 | Re: Deploying PostgreSQL on CentOS with SSD and Hardware RAID |