Did we come to a conclusion on this?
---------------------------------------------------------------------------
Peter Eisentraut wrote:
> Tom Lane writes:
>
> > Can't we do both? If the default setup is to put config files in
> > a Postgres-specific directory, then let's make the default arrangement
> > be that that directory is Postgres-owned, mode 700, *and* the config
> > files are Postgres-owned and mode 600.
>
> The problem with this is that the PostgreSQL-specific configuration file
> directory may be used by programs other than the server. E.g., the ODBC
> driver puts stuff in there. In some future life there may be a global
> psqlrc file or the JDBC driver may have a global properties file (don't
> know if that just made sense). So we'd have to make a subdirectory, say
> "server" (or "secure" or "secret" ...). Seems a bit ugly.
>
> Moreover, I don't know if we can make permission changes on directories
> during installation (make install). (Read "can" as: ought to, while
> staying within the vague confines of open-source software build system
> standards.) For all we know, the directory may already be there and the
> installer told us to reuse it.
>
> How is the situation on the broken editors these days? We might just want
> to put a note on the top of each critical file
>
> # Make sure this file is not readable by anyone except you.
> # If you edit it, make sure your editor does not change the permissions on
> # this file.
> # If in doubt, execute chmod go-a filename.
>
> --
> Peter Eisentraut peter_e@gmx.net
>
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
