Skip site navigation (1) Skip section navigation (2)

Restricting permissions on Unix socket

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Restricting permissions on Unix socket
Date: 2000-10-31 20:50:46
Message-ID: Pine.LNX.4.21.0010312136190.1073-100000@peter.localdomain (view raw or flat)
Thread:
Lists: pgsql-hackers
I'd like to add an option or two to restrict the set of users that can
connect to the Unix domain socket of the postmaster, as an extra security
option.

I imagine something like this:

unix_socket_perm = 0660
unix_socket_group = pgusers

Obviously, permissions that don't have 6's in there don't make much sense,
but I feel this notation is the most intuitive way for admins.

I'm not sure how to do the group thing, though.  If I use chown(2) then
there's a race condition, but doing savegid; create socket; restoregid
might be too awkward?  Any hints?

-- 
Peter Eisentraut      peter_e(at)gmx(dot)net       http://yi.org/peter-e/


Responses

pgsql-hackers by date

Next:From: Kevin O'GormanDate: 2000-10-31 21:00:38
Subject: Contexts
Previous:From: Kevin O'GormanDate: 2000-10-31 20:50:02
Subject: Re: how good is PostgreSQL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group