Quick Links

Re: required rights for PGDATA

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Holger Klawitter <lists(at)klawitter(dot)de>
Cc:	"Postgres-Mailing-List" <pgsql-general(at)postgresql(dot)org>
Subject:	Re: required rights for PGDATA
Date:	2003-01-27 14:24:30
Message-ID:	25530.1043677470@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Holger Klawitter <lists(at)klawitter(dot)de> writes:
> As postgres (the user under with the process is actually running) cannot
> obtain a shell, I need group access to the data directory in order to
> configure postgres.

> [ so relax permissions on $PGDATA ]

Why is it more secure to relax permissions on $PGDATA than to undo your
choice not to have a login shell for postgres?

In very many environments, 0770 protection would be a disaster. I do
not think it is a good idea to allow that permission to be set, not
even configurably.

regards, tom lane

In response to

required rights for PGDATA at 2003-01-27 11:44:17 from Holger Klawitter

Responses

Re: required rights for PGDATA at 2003-01-27 15:44:42 from Holger Klawitter

Browse pgsql-general by date

	From	Date	Subject
Next Message	Nicolas Kowalski	2003-01-27 14:47:33	Re: passwords and 7.3
Previous Message	snpe	2003-01-27 14:20:04	Re: Compiling PHP with Postgres support problem