"Joshua D. Drake" <jd@commandprompt.com> writes:
> For 8.0 are we going to allow group modifications to the data
> directories for PostgreSQL? It is kind of silly that it must be 700.
Not in the least. There are many systems where users by default
are all in a "users" group, and so 770 isn't much safer than 777.
> I think we should allow at least 770. This allows you to have
> administrators with postgresql.conf editing rights without giving
> them the ability to su to postgresql.
Being able to edit postgresql.conf gives one the ability to become
postgres (hint: you can cause the backend to load a shlib of your
choosing, or even more trivially, adjust pg_hba.conf to let you in
as superuser), so the above distinction is unenforceable.
In short: no way.
regards, tom lane
