Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all" - Mailing list pgsql-general

From David G. Johnston
Subject Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
Date
Msg-id CAKFQuwYYhpzYX5=xfa3NtTdoLNinSZ460hCaJx+gE7esGmKTWw@mail.gmail.com
Whole thread Raw
In response to Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"  (Bryn Llewellyn <bryn@yugabyte.com>)
Responses Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
List pgsql-general
On Mon, Oct 31, 2022 at 10:03 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
It would seem proper to put any user who you want to set up for "local", "peer" authentication into the "postgres" group

Did you really mean to write that?

The postgres o/s user should be able to login using peer.  It is a one-way idea though.  Wanting to login using peer says nothing about whether the user getting that capability should be allowed to mess with the running server in the operating system.

As for the rest, all I see is that you are using an opinionated package manager to install software whose opinions you don't agree with.  Maybe there is some buggy behavior with respect to shared o/s db administration among users in a common group...you haven't demonstrated that one way or the other here.  I think it is pointless to have the o/s admin and postgres bootstrap user be anything but postgres and this whole thing is counter-productive.  But if you are going down to first principles maybe you should install from source and build your own "package" from that.

David J.

pgsql-general by date:

Previous
From: Bryn Llewellyn
Date:
Subject: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
Next
From: Michael Paquier
Date:
Subject: Re: empty pg_stat_progress_vacuum