Postgres Pro
Downloads
Home   >   mailing lists

postgresql-7.1.3 pg_ctl password authentication and startup - Mailing list pgsql-patches

From Benjamin Yu
Subject postgresql-7.1.3 pg_ctl password authentication and startup
Date
Msg-id 20010922200704.52522.qmail@web14802.mail.yahoo.com
Whole thread Raw
Responses Re: postgresql-7.1.3 pg_ctl password authentication and startup  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches
Tree view 
The problem:
 If password authentication is set, then startup
blocks waiting for a password to be given in stdin.

System:
 FreeBSD 4.4
 postgresql runs under user/group pgsql
 data directory owned by pgsql

Workaround:
 Modified the pg_ctl script to redirect a one line
password file to "$PGPATH/psql". The passwd file
exists in the data directory.
PASSFILE=$PGDATA/postmaster.passwd
 If the passwd file does not exist, an empty one will
be created with perm 600.

Security:
 If someone has root or pgsql os user access, then
they
can alter the data directory at will anyways. Putting
a plaintext passwd file in the data directory that
regular users cannot access anyways does not represent
any more of a security hazard that if someone had
access to the master.passwd files.
 Workaround a bit more secure than allowing trust to
all local users.

--- pg_ctl.sh   Sat Apr 21 04:23:58 2001
+++ /usr/local/bin/pg_ctl       Sat Sep 22 12:39:03
2001
@@ -56,8 +56,8 @@


 # Placed here during build
-bindir='@bindir@'
-VERSION='@VERSION@'
+bindir='/usr/local/bin'
+VERSION='7.1.3'

 # protect the log file
 umask 077
@@ -226,6 +226,11 @@
 DEFPOSTOPTS=$PGDATA/postmaster.opts.default
 POSTOPTSFILE=$PGDATA/postmaster.opts
 PIDFILE=$PGDATA/postmaster.pid
+PASSFILE=$PGDATA/postmaster.passwd
+if [ ! -e $PASSFILE ];then
+       touch $PASSFILE
+       chmod 600 $PASSFILE
+fi

 if [ $op = "status" ];then
     if [ -f $PIDFILE ];then
@@ -347,6 +352,10 @@
        do
 # FIXME:  This is horribly misconceived.
 # 1) If password authentication is set up, the
connection will fail.
+#      Kinda fixed. If password is set up, and the
$PASSFILE
+#      does not exist, then it will fail. If password
is setup
+#      and passwd file exists with the passwd, then
it will succeed.
+#      If password auth is not set, this will still
work.
 # 2) If a virtual host is set up, the connection may
fail.
 # 3) If network traffic filters are set up tight
enough, the connection
 #    may fail.
@@ -357,7 +366,7 @@
 # 6) If the dynamic loader is not set up correctly
(for this user/at
 #    this time), psql will fail (to find libpq).
 # 7) If psql is misconfigured, this may fail.
-           if "$PGPATH/psql" -l >/dev/null 2>&1
+           if "$PGPATH/psql" -l >/dev/null 2>&1 <
$PASSFILE
            then
                break;
            else

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com

pgsql-patches by date:

Previous
From: Michael Meskes
Date:
Subject: Re: Problem with setlocale (found in libecpg) [accessing a memory location after freeing it]
Next
From: Liam Stewart
Date:
Subject: JDBC test suite patch