Stefan Huber <looseleaf@gmx.net> writes:
> Well, this might be true, if you are on a system, where more than one
> humans are operating. Or are there some other reasons behind this philosophy?
The idea is that the executables shouldn't be writable by the postgres
user. That way, even if some db user manages to break into your
database superuser account, the amount of damage he can do is limited.
This has got nothing to do with whether your server system has other
people on it: as long as someone can connect as superuser, they can
cause the backend to scribble on any file that's writable by postgres.
$PGDATA and the files and directories under it need to be owned/writable
by the postgres user, but there's no reason for the rest of the
installation (bin, lib, share, etc) to be writable by the postgres user.
So doing "make install" as root and "initdb" as postgres sets you up
more securely than doing the install as postgres.
regards, tom lane
