Re: [HACKERS] postmaster crash and .s.pgsql file - Mailing list pgsql-hackers

From Thomas G. Lockhart
Subject Re: [HACKERS] postmaster crash and .s.pgsql file
Date
Msg-id 34D13573.6C700BE3@alumni.caltech.edu
In response to Re: [HACKERS] postmaster crash and .s.pgsql file  (Bruce Momjian <maillist@candle.pha.pa.us>)
Responses Re: [HACKERS] postmaster crash and .s.pgsql file  (Marc Howard Zuckman <marc@fallon.classyad.com>)
List pgsql-hackers
> > > > No, "normal" users shouldn't be allowed to do so, obviously.  But, are
> > > > there real systems in which a database maintainer (i.e., user
> > > > postgres) cannot cooperate with the system admin (i.e., user root) to
> > > > accomplish this?  In practice, is it really envisioned that postgres
> > > > should be _so_ distinct from the system?  For example, don't most
> > > > people run the postmaster from the system startup scripts, and isn't
> > > > that the same thing?  How did those commands get inserted into the
> > > > startup scripts if not by root?
> > >
> > >     I do not feel that it is appropriate for a non-root program (which
> > > PostgreSQL is) to require a systems administrator to make permissions
> > > related changes to a directory for it to run, period.

> > >
> > Speaking of feelings, I'm not especially happy about allowing any old
> > user to trash a key file because it's located in a globally writable
> > directory.

Correct me if I'm wrong (oh, why bother saying that? :), but aren't there two
issues going on here? And, shouldn't all points raised above (and earlier) be
considered in the solution?

One issue is that a location for sockets needs to be specified for _any_
Postgres installation. This location is not exactly the same kind of thing as
the main Postgres installation tree.

The other issue is that there _may_ be a preferred location for this location
on some, most, or all Unix systems.

In either case, the location should be specified in Makefile.global, so that I
can override it in Makefile.custom, just like I do for defining POSTGRESDIR to
allow me to work in /opt/postgres/... rather than the other possible preferred
location(s).

Perhaps the default location for an installation from source code should be
available without sysadmin intervention, which might suggest that it should be
in the postgres owner's home directory tree or in /tmp. Packaged binary
installations are likely to be installed by root into a dedicated Postgres
account.

For my installation, I'll install from source and go ahead and override the
default to put it in /var/run or somewhere like that which is more secure; the
installation instructions will tell me which is the best location to achieve
maximum security.

OK?

                                                     - Tom
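
The trade-off discussed in this message, as an added example that is not part of the original post or of the PostgreSQL source: a shell check an installer could run against a candidate socket directory to report who can create or remove files in it. The function name `classify_socket_dir` and its result labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; classify_socket_dir and its labels are hypothetical names.
# Prints one of:
#   missing     - not a directory
#   open        - world-writable, no sticky bit: any user can remove or
#                 rename the socket file
#   sticky      - world-writable with sticky bit (typical /tmp): only the file
#                 owner, the directory owner or root can remove entries, but
#                 any user can still create new names
#   group       - writable by group, not by others
#   restricted  - writable by the directory owner only
classify_socket_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    # -L follows a symlink such as /var/run -> /run, so the mode reported is
    # the directory's own. The first ten characters of the listing are the
    # type and permission string, e.g. drwxrwxrwt.
    mode=$(ls -ldL "$dir" | cut -c1-10)
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    other_x=$(printf '%s' "$mode" | cut -c10)
    if [ "$other_w" = w ]; then
        case $other_x in
            t|T) echo sticky ;;
            *)   echo open ;;
        esac
    elif [ "$group_w" = w ]; then
        echo group
    else
        echo restricted
    fi
}

# Report on the two locations named in the message.
for d in /tmp /var/run; do
    printf '%s: %s\n' "$d" "$(classify_socket_dir "$d")"
done
```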

