On Tue, October 28, 2008 05:57, Tom Lane wrote:
> Sam Mason <sam@samason.me.uk> writes:
>> On Tue, Oct 28, 2008 at 10:42:47AM +0100, Thomas wrote:
>>> An easy trick I have found to set postgres password: $ sudo passwd
>>> postgres, and now you can type a new password. So now you can switch
>>> user with: $ su postgres, and then connect to the DB with psql.
>
>> Won't that allow logins to the postgres account then?
>
> True, but that might be safer overall than giving out sudo privileges.
> If the sysadmin and the DBA are the same person it hardly matters,
> but if you want the DBA to not have root, then giving him a password for
> the postgres account is the best way. So it all depends on your
> local situation ...
>
> regards, tom lane
>
Wouldn't it be better to add the line 'sudo su - postgres' as the entry
(command) for the user(s) in the sudoers file? This would specifically
limit the user(s) to only being able to change to the postgres user's
context.
I think this goes to overall system security, just like the security
methods wrapped around PostgreSQL itself. Weakening system security is no
different than weakening access to the database.
Tim
--
Timothy J. Bruce
Registered Linux User #325725
