Thread: Postmaster startup

Postmaster startup

From
Oleg Lebedev
Date:
Hi,
I decided to tighten up security on the server and start postmaster as
postgres user on startup.
I have a script my_script that is run on startup, which has root
permissions. From this script I want to start postgres script, which is
owned by postgres (postgerSQL superuser) and has 's' bit set so that it
executes with postgres priviledges. When I try to run my_script, I get
an error:
postmaster: real and effective userids must match
what am I doing wrong?
Thanks for your help in advance,

Oleg



Re: Postmaster startup

From
Peter Eisentraut
Date:
Oleg Lebedev writes:

> I have a script my_script that is run on startup, which has root
> permissions. From this script I want to start postgres script, which is
> owned by postgres (postgerSQL superuser) and has 's' bit set so that it
> executes with postgres priviledges. When I try to run my_script, I get
> an error:
> postmaster: real and effective userids must match

You should start the postmaster like this:

su -c 'postmaster -D ...' postgres

Setuid is not allowed because it introduces a security hole (on some
platforms anyway), coming from user-defined C functions.

--
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter


Re: Postmaster startup

From
"Brett W. McCoy"
Date:
On Fri, 5 Oct 2001, Oleg Lebedev wrote:

> I decided to tighten up security on the server and start postmaster as
> postgres user on startup.
> I have a script my_script that is run on startup, which has root
> permissions. From this script I want to start postgres script, which is
> owned by postgres (postgerSQL superuser) and has 's' bit set so that it
> executes with postgres priviledges. When I try to run my_script, I get
> an error:
> postmaster: real and effective userids must match
> what am I doing wrong?

You should start postmaster with something like:

su - postgres -c 'postmaster' &

in your startup scripts.  Setting the sticky bit will not accomplish what
you are trying to do.

-- Brett
                                          http://www.chapelperilous.net/
------------------------------------------------------------------------
To thine own self be true.  (If not that, at least make some money.)


Re: Postmaster startup

From
"Chad R. Larson"
Date:
At 12:25 PM 10/5/01 -0600, Oleg Lebedev wrote:
>I have a script my_script that is run on startup, which has root
>permissions. From this script I want to start postgres script, which is
>owned by postgres (postgerSQL superuser) and has 's' bit set so that it
>executes with postgres priviledges. When I try to run my_script, I get an
>error: postmaster: real and effective userids must match what am I doing wrong?

On many systems, SUID scripts are considered a security hole.  On
SysVr4-derived systems, the SUID bit on a script is silently ignored for
that reason.  If you're half-interested, go look at all the hoops PERL
jumps through to run SUID PERL scripts.

Anyway, attached is the script I use to start/stop Postgres on a Solaris
2.6 system.  Hope it helps.  The magic is the "su posgtres -c ..." part.

         -crl
--
Chad R. Larson (CRL22)    chad@eldocomp.com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228

Attachment

What is the default password for the user postgres..

From
"Moovarkku Mudhalvan"
Date:
Hi Friends,

    Greetings. What is the default password for the user postgres.. Let me
change the password.. If i change the password.. Does it make any problem in
my datas...

Thanks
Mudhalvan M.M


Re: What is the default password for the user postgres..

From
"Nick Fankhauser"
Date:
Hi Friend!

I don't think there is a "default" password...

The method for authentication depends on what you have set up in
pg_hba.conf. You may opt for a password, but you will be able to set it
initially yourself before turning on the authorization.

Look here for more:

http://www.postgresql.org/idocs/index.php?client-authentication.html#PG-HBA.
CONF

Hope this helps.

-Nick

--------------------------------------------------------------------------
Nick Fankhauser  nickf@ontko.com  Phone 1.765.935.4283  Fax 1.765.962.9788
Ray Ontko & Co.     Software Consulting Services     http://www.ontko.com/



> -----Original Message-----
> From: pgsql-admin-owner@postgresql.org
> [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Moovarkku
> Mudhalvan
> Sent: Monday, October 15, 2001 2:37 AM
> To: Oleg Lebedev; pgsql-admin@postgresql.org; Chad R. Larson
> Subject: [ADMIN] What is the default password for the user postgres..
>
>
> Hi Friends,
>
>     Greetings. What is the default password for the user postgres.. Let me
> change the password.. If i change the password.. Does it make any
> problem in
> my datas...
>
> Thanks
> Mudhalvan M.M
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>


Re: What is the default password for the user postgres..

From
"Oliver Elphick"
Date:
"Moovarkku Mudhalvan" wrote:
  >Hi Friends,
  >
  >    Greetings. What is the default password for the user postgres.. Let me
  >change the password.. If i change the password.. Does it make any problem in
  >my datas...

There is no password by default; create one with ALTER USER.

Passwords do not take effect unless pg_hba.conf is set up to use them.  If
it is, and you have not assigned a password to postgres, you will not be
able to connect as postgres.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C

     "If ye love me, keep my commandments."       John 14:15