Skip site navigation (1) Skip section navigation (2)

Re: Thoughts on the location of configuration files

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Thoughts on the location of configuration files
Date: 2001-12-24 03:27:13
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
> Personally, I would make the configuration files 0644 by default.
> There's nothing in there that you can't get at in another way or which
> would matter to outsiders.  I hope in the next release we make the
> unix_socket_permissions default to 0700 so the default setup is totally
> secure even if you messed up your pg_hba.conf.

I have an idea for the Unix socket file permissions and local 'trust'
permissoins as default.  Right now we allow the socket permissions to be
set in postgresql.conf, but that seems like the wrong place for it.

Suppose we add an option to pg_hba.conf for 'local' connections called
'singleuser' and 'singlegroup' which set enable socket permissions only for the
postgres super-user or his group.

That way, we can ship the default pg_hba.conf file default as
'singleuser' and allow people to change it as they wish.

If people think this is a good idea, I will add it to the TODO list.

  Bruce Momjian                        |
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to


pgsql-hackers by date

Next:From: Tom LaneDate: 2001-12-24 03:31:56
Subject: Re: Thoughts on the location of configuration files
Previous:From: Christopher Kings-LynneDate: 2001-12-24 02:49:57
Subject: Re: contrib idea

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group