Home > mailing lists

Re: required rights for PGDATA - Mailing list pgsql-general

From	Tom Lane
Subject	Re: required rights for PGDATA
Date	January 27, 2003 09:24:30
Msg-id	25530.1043677470@sss.pgh.pa.us Whole thread Raw
In response to	required rights for PGDATA (Holger Klawitter <lists@klawitter.de>)
Responses	Re: required rights for PGDATA
List	pgsql-general

Tree view

Holger Klawitter <lists@klawitter.de> writes:
> As postgres (the user under with the process is actually running) cannot
> obtain a shell, I need group access to the data directory in order to
> configure postgres.

> [ so relax permissions on $PGDATA ]

Why is it more secure to relax permissions on $PGDATA than to undo your
choice not to have a login shell for postgres?

In very many environments, 0770 protection would be a disaster.  I do
not think it is a good idea to allow that permission to be set, not
even configurably.

            regards, tom lane

pgsql-general by date:

From: Tom Lane
Date: 27 January 2003, 09:04:05
Subject: Re: pg_dump automatic

From: Nicolas Kowalski
Date: 27 January 2003, 09:50:07
Subject: Re: passwords and 7.3

Re: required rights for PGDATA - Mailing list pgsql-general

Previous

Next