If password authentication is set, then startup
blocks waiting for a password to be given in stdin.
postgresql runs under user/group pgsql
data directory owned by pgsql
Modified the pg_ctl script to redirect a one line
password file to "$PGPATH/psql". The passwd file
exists in the data directory.
If the passwd file does not exist, an empty one will
be created with perm 600.
If someone has root or pgsql os user access, then
can alter the data directory at will anyways. Putting
a plaintext passwd file in the data directory that
regular users cannot access anyways does not represent
any more of a security hazard that if someone had
access to the master.passwd files.
Workaround a bit more secure than allowing trust to
all local users.
--- pg_ctl.sh Sat Apr 21 04:23:58 2001
+++ /usr/local/bin/pg_ctl Sat Sep 22 12:39:03
@@ -56,8 +56,8 @@
# Placed here during build
# protect the log file
@@ -226,6 +226,11 @@
+if [ ! -e $PASSFILE ];then
+ touch $PASSFILE
+ chmod 600 $PASSFILE
if [ $op = "status" ];then
if [ -f $PIDFILE ];then
@@ -347,6 +352,10 @@
# FIXME: This is horribly misconceived.
# 1) If password authentication is set up, the
connection will fail.
+# Kinda fixed. If password is set up, and the
+# does not exist, then it will fail. If password
+# and passwd file exists with the passwd, then
it will succeed.
+# If password auth is not set, this will still
# 2) If a virtual host is set up, the connection may
# 3) If network traffic filters are set up tight
enough, the connection
# may fail.
@@ -357,7 +366,7 @@
# 6) If the dynamic loader is not set up correctly
(for this user/at
# this time), psql will fail (to find libpq).
# 7) If psql is misconfigured, this may fail.
- if "$PGPATH/psql" -l >/dev/null 2>&1
+ if "$PGPATH/psql" -l >/dev/null 2>&1 <
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com
pgsql-patches by date
|Next:||From: Bruce Momjian||Date: 2001-09-22 21:33:44|
|Subject: Re: CREATE OR REPLACE FUNCTION|
|Previous:||From: Tom Lane||Date: 2001-09-22 15:57:00|
|Subject: Re: CREATE OR REPLACE FUNCTION |