From: | Peter Eisentraut <e99re41(at)DoCS(dot)UU(dot)SE> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | hackers(at)postgreSQL(dot)org |
Subject: | Re: Ownership/protection (was Re: [HACKERS] Portability) |
Date: | 1999-11-30 19:36:01 |
Message-ID: | Pine.GSO.4.02A.9911302029570.13278-100000@Vessla.DoCS.UU.SE |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, 30 Nov 1999, Tom Lane wrote:
> The difficulty with encouraging people to su to root for install is that
> it's so easy to make the files root-owned and thereby create a security
> problem. Perhaps the right compromise is to add a --owner switch to
> "make install", and to have it refuse to install if the (given or
> defaulted) ownership is "root" ?
See Vince's email about the configure switch to be used in install. That
is what I was shooting for. I am not sure to what extend initdb should use
those settings (recall: autoconf is not for configuring run time stuff)
but if you *insist* on running initdb as root (too lazy to su, forgot to,
etc.) there should be an option, as there is now.
> offhand I can't think of any reason that any postgres-owned processes
> need to be able to write in the bin, lib, or include hierarchies. Can
> anyone else think of one?
They better not write there. That would certainly be a major bug.
> BTW, do we have a check in the postmaster to refuse to start if its euid
> is root? Shouldn't we?
There is a check and it refuses to start.
--
Peter Eisentraut Sernanders vaeg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 1999-11-30 20:19:54 | Re: [HACKERS] sort on huge table |
Previous Message | Brian E Gallew | 1999-11-30 18:49:24 | Re: [HACKERS] Re: tab completion in psql |