Re: Permission Denied When i am Trying to take Backup - Mailing list pgsql-admin

From Tom Lane
Subject Re: Permission Denied When i am Trying to take Backup
Date
Msg-id 27295.1002907624@sss.pgh.pa.us
Whole thread Raw
In response to Re: Permission Denied When i am Trying to take Backup  (Stefan Huber <looseleaf@gmx.net>)
List pgsql-admin
Stefan Huber <looseleaf@gmx.net> writes:
> Well, this might be true, if you are on a system, where more than one
> humans are operating. Or are there some other reasons behind this philosophy?

The idea is that the executables shouldn't be writable by the postgres
user.  That way, even if some db user manages to break into your
database superuser account, the amount of damage he can do is limited.
This has got nothing to do with whether your server system has other
people on it: as long as someone can connect as superuser, they can
cause the backend to scribble on any file that's writable by postgres.

$PGDATA and the files and directories under it need to be owned/writable
by the postgres user, but there's no reason for the rest of the
installation (bin, lib, share, etc) to be writable by the postgres user.
So doing "make install" as root and "initdb" as postgres sets you up
more securely than doing the install as postgres.

            regards, tom lane

pgsql-admin by date:

Previous
From: "Mike Rogers"
Date:
Subject: Ultimate DB Server
Next
From: "Peter Schmidt"
Date:
Subject: FreeBSD upgrade causes performance degredation