Thread: Postgres user with a shell of /bin/false
I've browsed my history of the list, and the Internet for information regarding giving the unix 'postgres' user a shell of /bin/false, so that it cannot be logged into directly. It seems from my research that if I set the user's shell to /bin/false it will not prevent the running of postgres itself. Before I start changing the postgres Unix users, can someone please confirm that this will work, and any 'gotchas' I might have missed. Obviously there are ways to circumvent this, I know. Cheers, Cliff
On Friday 22 May 2009 06:51:42 Cliff Pratt wrote: > I've browsed my history of the list, and the Internet for information > regarding giving the unix 'postgres' user a shell of /bin/false, so > that it cannot be logged into directly. It seems from my research that > if I set the user's shell to /bin/false it will not prevent the > running of postgres itself. I think it could work, but I don't think it is to be recommended. Sometimes you want to log in as that user to be able to do certain types of special administration or fixes. For example, if you ever need to run pg_resetxlog, you probably want to be logged in as postgres, unless you are very confident that your su or sudo invocations are correct and don't mess up the permissions of the database directory in strange ways. Maybe disabling the password of the account and allowing login only via sudo is close to what you want, but ends up being more flexible.
On Fri, May 22, 2009 at 9:49 AM, Peter Eisentraut <peter_e@gmx.net> wrote:
On Friday 22 May 2009 06:51:42 Cliff Pratt wrote:I think it could work, but I don't think it is to be recommended. Sometimes
> I've browsed my history of the list, and the Internet for information
> regarding giving the unix 'postgres' user a shell of /bin/false, so
> that it cannot be logged into directly. It seems from my research that
> if I set the user's shell to /bin/false it will not prevent the
> running of postgres itself.
you want to log in as that user to be able to do certain types of special
administration or fixes. For example, if you ever need to run pg_resetxlog,
you probably want to be logged in as postgres, unless you are very confident
that your su or sudo invocations are correct and don't mess up the permissions
of the database directory in strange ways.
Maybe disabling the password of the account and allowing login only via sudo
is close to what you want, but ends up being more flexible.
It will work, the only problem you'll run into is the startup scripts. Typically (and this depends on the package you're using), your startup script is probably using 'su postgres' to run pg_ctl. You would need to modify that line to use 'su -c /bin/sh .... ' or something of the like to have those scripts work.
--Scott
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
> I've browsed my history of the list, and the Internet for > information > regarding giving the unix 'postgres' user a shell of /bin/false, so > that it cannot be logged into directly. It seems from my research > that > if I set the user's shell to /bin/false it will not prevent the > running of postgres itself. In at least FreeBSD, the standard ports way of setting PGSQL user to use /usr/bin/nologin as shell works well enough. You get the regular shell interface from SU'ing or sudoing into account, but you cannot login into box directly. Is the nologin "shell" BSD only feature though? -Reko