Christopher Petrilli <petrilli@gmail.com> writes:
> As a security professional, why would the root user need to be
> involved in the ownership of PostgreSQL? I see no reason for this,
> but perhaps I'm missing something important.
A number of years ago some Unices experimented with installing system
binaries with owners other than root. Owner 'bin' was one common try.
Superficially this sounds good, but experience has shown that it is a
bad idea. I don't think anyone does this any longer.
Cracking root will compromise standard Unix security no matter who
owns the binaries. If system binaries are owned by a user other than
root, now you have at least two ids you must protect at all costs. By
making things more complex you've just managed to make your job of
maintaining security at least twice as hard as it would have been if
you had left things alone.
Obviously considerations are very different if setuid and setgid
programs are involved. Some modern Unices have more advanced security
models than the traditional Unix model, so binary ownership may be
handled differently in them as well.
Mark Twain understood this clearly all the way back in 1894:
"Put all your eggs in one basket, and WATCH THAT BASKET."
