required rights for PGDATA - Mailing list pgsql-general

From Holger Klawitter
Subject required rights for PGDATA
Date
Msg-id 200301271244.17748.lists@klawitter.de
Whole thread Raw
Responses Re: required rights for PGDATA
Re: required rights for PGDATA
List pgsql-general
Hi there,

I have the problem that I need to have a group of users (namely postgres and
the dbadmin) with access to pg_hba.conf.

As postgres (the user under with the process is actually running) cannot
obtain a shell, I need group access to the data directory in order to
configure postgres.

drwxrwx---    6 postgres postgres     4096 Jan 27 10:14 data/

However postgres refuses to start with 0770 permission.

In my case this additional security measure bites itself as now I need to
grant su to dbadmin and moreover grant a shell access to postgres.

Some Suggestions:

1.) the check can be made configurable (with the strict one as default)

2.) groups below 100 are okay.

3.) default group of the postgres user is okay.

4.) the group 'postgres' is okay.

That do you all think?

With kind regards / mit freundlichem Gruß
    Holger Klawitter
--
Holger Klawitter                          http://www.klawitter.de
lists@klawitter.de

pgsql-general by date:

Previous
From: Nicolas Kowalski
Date:
Subject: Re: passwords and 7.3
Next
From: "Nigel J. Andrews"
Date:
Subject: Re: required rights for PGDATA