Tom Lane wrote:
> > Socket permissions - only install user can access db by default
>
> I do not agree with this goal.
OK, this is TODO item:
* Make single-user local access permissions the default by limiting permissions on the socket file (Peter E)
Right now, we effectively install initdb as though we are creating a
world-writeable directory on the machine. (Sure, the directory is
locked down, but by setting PGUSER you can connect to the database as
anyone.) I don't know any other software that does this, and I can't
see how we can justify the current behavior.
Another idea is to change pg_hba.conf to not default to 'trust' but then
the installing user is going to have to choose a password.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
