Re: Installing PostgreSQL as "postgress" versus "root" Debate! - Mailing list pgsql-admin

From Tom Lane
Subject Re: Installing PostgreSQL as "postgress" versus "root" Debate!
Date
Msg-id 4443.1105584756@sss.pgh.pa.us
In response to Re: Installing PostgreSQL as "postgress" versus "root" Debate!  (Christopher Petrilli <petrilli@gmail.com>)
List pgsql-admin
Christopher Petrilli <petrilli@gmail.com> writes:
> On Thu, 13 Jan 2005 01:00:31 +0100, Peter Eisentraut <peter_e@gmx.net> wrote:
>> The current recommendation, which is reflected in the installation
>> instructions, is to install the software as root and to use the
>> postgres user for the database files.  The advice seen elsewhere in
>> this thread to use the postgres user also for the software files is
>> wrong.

> As a security professional, why would the root user need to be
> involved in the ownership of PostgreSQL?  I see no reason for this,
> but perhaps I'm missing something important.

The rationale is that the executables should not be owned by the
postgres user, so that they can't be corrupted/trojaned if someone
manages to break in via the database server.

This of course does not require that the executables be owned by root,
only by someone other than the daemon account you run the server under.

            regards, tom lane
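
The ownership rule described in this message can be checked on an installed tree. The script below is an added example, not part of the original message or of PostgreSQL's own tooling; the function names and the throwaway demo tree are assumptions, and group-write access is left out to keep the check short.

```shell
#!/bin/sh
# Added example: find paths in a software tree that the server's daemon
# account could modify. Function names and the demo tree are assumptions.

# list_daemon_modifiable DIR ACCOUNT
# Prints every path under DIR that ACCOUNT owns (files and directories,
# since owning a directory allows replacing what is in it), plus any
# world-writable path. ACCOUNT may be a login name or a numeric uid.
# Symlinks are skipped for the mode test because their mode is always 777.
list_daemon_modifiable() {
    find "$1" \( -user "$2" -o \( -perm -0002 ! -type l \) \) -print \
        2>/dev/null | sort
}

# check_install DIR ACCOUNT
# Returns 0 when nothing under DIR is modifiable by ACCOUNT, 1 otherwise.
check_install() {
    found=$(list_daemon_modifiable "$1" "$2")
    if [ -n "$found" ]; then
        printf 'modifiable by %s:\n%s\n' "$2" "$found"
        return 1
    fi
    printf 'ok: nothing under %s is modifiable by %s\n' "$1" "$2"
}

# Constructed demo: a throwaway tree owned by whoever runs this script.
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/bin"
printf '#!/bin/sh\n' > "$demo_tree/bin/postgres"
chmod 755 "$demo_tree" "$demo_tree/bin" "$demo_tree/bin/postgres"

me=$(id -u)
# Pick a uid that does not own the tree, standing in for a separate
# daemon account.
if [ "$me" -eq 0 ]; then other=65534; else other=0; fi

# Case 1: the "daemon account" owns the software files, so all are flagged.
check_install "$demo_tree" "$me" || true
# Case 2: the software is owned by someone else, so the check passes.
check_install "$demo_tree" "$other" || true
rm -rf "$demo_tree"
```

On a real host, call `check_install` with the installation's binary and library directories and the account the server runs under.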
