Re: Ownership/protection (was Re: [HACKERS] Portability) - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Ownership/protection (was Re: [HACKERS] Portability)
Msg-id Pine.GSO.4.02A.9911302029570.13278-100000@Vessla.DoCS.UU.SE
In response to Ownership/protection (was Re: [HACKERS] Portability)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Tue, 30 Nov 1999, Tom Lane wrote:

> The difficulty with encouraging people to su to root for install is that
> it's so easy to make the files root-owned and thereby create a security
> problem.  Perhaps the right compromise is to add a --owner switch to
> "make install", and to have it refuse to install if the (given or
> defaulted) ownership is "root" ?

See Vince's email about the configure switch to be used in install. That
is what I was shooting for. I am not sure to what extent initdb should use
those settings (recall: autoconf is not for configuring run time stuff)
but if you *insist* on running initdb as root (too lazy to su, forgot to,
etc.) there should be an option, as there is now.

> offhand I can't think of any reason that any postgres-owned processes
> need to be able to write in the bin, lib, or include hierarchies.  Can
> anyone else think of one?

They better not write there. That would certainly be a major bug.

> BTW, do we have a check in the postmaster to refuse to start if its euid
> is root?  Shouldn't we?

There is a check and it refuses to start.

-- 
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden


