"Sergio A. Kessler" <ser@perio.unlp.edu.ar> writes:
> what is the functionality of the file pg_pwd in $PG_DATA ?
> (no, there is _nothing_ in the docs)

That's cause you don't need to know ;-)
Seriously, it's a flat-file copy of pg_shadow, used by the postmaster
to do password verification. (The postmaster can't look directly at
pg_shadow because it cannot participate in database operations.)
See doc/TODO.detail/pg_shadow.

> and why is world =writable & readable= ?
> (hey, everybody, wanna know my passwd ?)

It's not really a security hole because it lives inside a directory
that's mode 700 (unless you tampered with the default permissions
setup). However, I agree it oughta be changed anyway.

The real issue here is that backend-side COPY writes files with mode
666, which seems a strange and dangerous choice to me. But someone once
thought it was a good idea, because COPY goes out of its way to make
that happen. Does anyone have a clue why?

regards, tom lane
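
The permission interplay discussed in the message above, as an added example (not part of the original message and not PostgreSQL source code): it shows one way a file ends up mode 666 (created with the umask cleared), the owner-only alternative, and the check that a mode-700 parent directory keeps group and other away from either file. All function names and the scratch paths under /tmp are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Permission bits of path, or -1 on error. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak: with the umask cleared, fopen() creates the file as 0666. */
static int create_umask_cleared(const char *path) {
    mode_t old = umask(0);
    FILE *fp = fopen(path, "w");
    umask(old);                      /* restore the caller's umask */
    if (fp == NULL) return -1;
    fclose(fp);
    return mode_of(path);
}

/* Hardened: O_EXCL refuses an existing file; fchmod pins 0600 whatever the umask. */
static int create_owner_only(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0600);
    close(fd);
    return rc == 0 ? mode_of(path) : -1;
}

/* Creates both files in a constructed scratch directory (mkdtemp makes it 0700). */
int run_demo(int out[3]) {
    char dir[] = "/tmp/pgdata_demo_XXXXXX", a[64], b[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/copy_out", dir);
    snprintf(b, sizeof b, "%s/owner_only", dir);
    out[0] = create_umask_cleared(a);
    out[1] = create_owner_only(b);
    out[2] = (mode_of(dir) & 077) == 0;  /* 1: group/other cannot enter the directory */
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}
int main(void) {
    int r[3];
    if (run_demo(r) != 0) return 1;
    printf("umask cleared: %04o  owner only: %04o  dir shields: %d\n",
           (unsigned)r[0], (unsigned)r[1], r[2]);
}
```

The 0666 file is only as private as every directory above it: if the parent's mode is loosened, the file becomes world-readable and world-writable with no further change.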