Rudolf Gavlas wrote:
> 2016-09-20 18:55 GMT+02:00, Alvaro Herrera <alvherre@2ndquadrant.com>:
> > Rudolf Gavlas wrote:
> >
> >> I work in an environment, where servers are administered by people
> >> with different user names and identical uid (0).
> >
> > So everyone is superuser there? That sounds, um, unorthodox.
>
> Yes, the administrators of the servers, that means people responsible
> for installing, configuring and running all of the software on the
> servers day and night are superusers there. I am quite surprised it
> may sound unorthodox. I am only used to unix environment though. What
> is the orthodox way of doing that, btw?
In my view of the world, each of the admins would have a regular user,
with the privilege of running commands as superuser using something like
"sudo" (including running a shell).
get_home_path is psql's code. I would expect client connections to come
from regular users, as it is considered risky to run all code with
elevated privileges, anyway.
As I recall, if you tried to start the postgres server using a superuser
account you would quickly find out that it completely refuses to start.
I suppose it works because some start script su's to the postgres
unprivileged account to run pg_ctl. (Windows is an exception to this,
where it used to be customary to run servers using administrator
privileges, where instead of outright refusing to run, pg_ctl would drop
all privileges first.)
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
