I'd like to add an option or two to restrict the set of users that can
connect to the Unix domain socket of the postmaster, as an extra security
option.
I imagine something like this:
unix_socket_perm = 0660
unix_socket_group = pgusers
Obviously, permissions that don't have 6's in there don't make much sense,
but I feel this notation is the most intuitive way for admins.
I'm not sure how to do the group thing, though. If I use chown(2) then
there's a race condition, but doing savegid; create socket; restoregid
might be too awkward? Any hints?
--
Peter Eisentraut peter_e(at)gmx(dot)net http://yi.org/peter-e/