Re: What goes into the security doc? - Mailing list pgsql-hackers

From Dan Langille
Subject Re: What goes into the security doc?
Msg-id 3E310ED4.2715.5D39B3DB@localhost
In response to Re: What goes into the security doc?  ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>)
List pgsql-hackers
On 22 Jan 2003 at 13:29, Christopher Kings-Lynne wrote:

> Recommend always running "initdb -W" and setting all pg_hba entries to md5.

Thanks.  I also encountered this item on IRC:

[09:26] <fede2> Guys, is there a problem with using /bin/true or 
/bin/false as the shell of the postgres user? The docs only say 
"adduser postgres", which will give postgres a nice shell.
[09:27] <fede2> I'm asking because the guys from Gentoo (that's a 
distro FWIW), want to use either /bin/false or /bin/true as postgres' 
shell.
[09:27] <dvl> fede2: it means you won't be able to become the 
postgres user to run commands.
[09:27] <mmc_> ... to run SHELL commands.
[09:29] <fede2> dvl: Although it's not the same, one could use "su -c foo 
postgres" to work around it.
[09:30] <fede2> dvl: I was wondering if it had an even heavier 
reason, besides that.
[09:34] <mmc_> fede2: the manpage of su says that -c args is treated 
by the login shell!
[09:35] <fede2> mmc_: Hmm.. true. That makes it a heavy enough 
reason. Thanks.
[09:35] * fede2 departs
-- 
Dan Langille : http://www.langille.org/
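
The point raised in the IRC log above, that `su -c` hands its command to the account's login shell, can be observed without root by invoking each candidate shell the way su would. This is an added example, not part of the original message; the function names are hypothetical, and it assumes /bin/sh, /bin/true and /bin/false exist at those paths.

```shell
#!/bin/sh
# Added example: emulates what `su -c CMD USER` asks USER's login shell to do,
# i.e. "<login shell> -c CMD". It does not call su, so no root is needed.
# Assumption: /bin/sh, /bin/true and /bin/false exist at these paths.

# Run CMD the way su hands it to the login shell. Always returns 0 and
# prints "exit=<status> output=<stdout>" so callers can inspect both.
emulate_su_c() {
    shell=$1
    cmd=$2
    status=0
    output=$("$shell" -c "$cmd" 2>/dev/null) || status=$?
    printf 'exit=%s output=%s\n' "$status" "$output"
}

# Classify a login shell by whether a marker command really executes.
su_c_verdict() {
    marker="ran-$$"
    result=$(emulate_su_c "$1" "echo $marker")
    case $result in
        "exit=0 output=$marker") echo "executes" ;;          # command ran
        exit=0\ *)               echo "silently-skipped" ;;  # success, nothing ran
        *)                       echo "refused" ;;           # non-zero exit
    esac
}

# Compare a real shell with the two no-login candidates named in the thread.
for sh_path in /bin/sh /bin/false /bin/true; do
    printf '%-10s %s\n' "$sh_path" "$(su_c_verdict "$sh_path")"
done
```

With /bin/true the call reports success although nothing ran, so a script relying on `su -c ... postgres` would fail silently rather than with an error.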


