The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/17/install-make.html
Description:
The current 'short' version is
```
./configure
make
su
make install
adduser postgres
mkdir -p /usr/local/pgsql/data
chown postgres /usr/local/pgsql/data
su - postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
/usr/local/pgsql/bin/createdb test
/usr/local/pgsql/bin/psql test
```
The security could be improved by limiting the amount of work that is done
as root. (sudo make
install -- shudder!)
First, split `make install` so `make build` gets as far as building the
libraries **under the current directory**, not on location in the start
directory.
Second, verify that `make install` does nothing but create directories and
copy files into them. It can probably also include the tasks currently done
by `make installdir` but the latter might still be required by some external
process. This target should be reviewed by security experts.
The 'short' script can then be rewritten as
```
# work done as a regular user
./configure
make build
# work that requires ROOT access
su
mkdir /usr/local/pgsql/data
chown (current user):(current group) /usr/local/pgsql
adduser --system --group postgres
exit
# work that requires POSTGRES access
su -u postgres
make install installdirs
exit
# work that requires ROOT access
su
adduser --system --group postgres
chown -R postgres:postgres /usr/local/pgsql
exit
# work that requires POSTGRES access
su - postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
/usr/local/pgsql/bin/createdb test
/usr/local/pgsql/bin/psql test
exit
```
