'[ADMIN] filesystem permissions and security'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-admin
Subject:    [ADMIN] filesystem permissions and security
From:       Ng Pheng Siong <phengsiong () gmail ! com>
Date:       2005-10-31 18:02:34
Message-ID: 3829471d0510311002u6c3a950axb744c95f97a11fc5 () mail ! gmail ! com
[Download RAW message or body]

Hi,

According to the manual from 7.3 onwards, PostgreSQL should be installed
thusly:

$ ./configure
$ gmake
$ su
# gmake install
# adduser postgres
# mkdir /usr/local/pgsql/data
# chown postgres /usr/local/pgsql/data
# su - postgres
$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
<etc.>

I found a number of web pages which suggest the following:

# chown -R postgres /usr/local/pgsql

Which is obviously less secure. Dunno how those people got the idea; perhap=
s
from older versions' documentation?

Anyways, I'm trying to find out when the "new thinking" re filesystem
permissions came in being, and mailing list discussions on same, if any.

At my day job, I just came across Oracle installations which are "chown -R
oracle /usr/local/oracle". I'm told the vendor says to do it this way. Veni=
,
vidi, I couldn't believe my eyes and all that. :-)

In essence, I'm looking for "ammunition" to support my case to bring
Oracle's filesystem permissions to the higher standard set by modern
PostreSQL's.

TIA. Cheers.

[Attachment #3 (text/html)]

Hi,<br>
<br>
According to the manual from 7.3 onwards, PostgreSQL should be installed th=
usly:<br>
<br>
&nbsp; $ ./configure<br>
&nbsp; $ gmake<br>
&nbsp; $ su<br>
&nbsp; # gmake install<br>
&nbsp; # adduser postgres<br>
&nbsp; # mkdir /usr/local/pgsql/data<br>
&nbsp; # chown postgres /usr/local/pgsql/data<br>
&nbsp; # su - postgres<br>
&nbsp; $ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data<br>
&nbsp; &lt;etc.&gt;<br>
<br>
I found a number of web pages which suggest the following: <br>
<br>
&nbsp; # chown -R postgres /usr/local/pgsql<br>
<br>
Which is obviously less secure. Dunno how those people got the idea; perhap=
s from older versions' documentation?<br>
<br>
Anyways, I'm trying to find out when the &quot;new thinking&quot; re filesy=
stem
permissions came in being, and mailing list discussions on same, if any.<br=
>
<br>
At my day job, I just came across Oracle installations which are &quot;chow=
n
-R oracle /usr/local/oracle&quot;. I'm told the vendor says to do it this
way. Veni, vidi, I couldn't believe my eyes and all that. :-)<br>
<br>
In essence, I'm looking for &quot;ammunition&quot; to support my case to br=
ing
Oracle's filesystem permissions to the higher standard set by modern
PostreSQL's.<br>
<br>
TIA. Cheers.<br>
<br>
<br>
<br>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic