Thread: AW: [HACKERS] initdb problems on Solaris

AW: [HACKERS] initdb problems on Solaris

From

Zeugswetter Andreas SB

Date:

20 January 2000, 08:05:24

> The postmaster and backend can and should refuse to run with an
> effective Unix userid of 0 (root), but that doesn't mean that
> a Postgres ID of 0 is insecure, does it?

The usual setup has the Postgres ID same as the unix id, thus
0 would be reserved for root.

I think this setup has the advatage, that we could someday issue
setuid() calls for "dba and untrusted stored procedures", which would 
imho be a very handy feature.

Andreas

Re: AW: [HACKERS] initdb problems on Solaris

From

Peter Eisentraut

Date:

20 January 2000, 09:15:25

On Thu, 20 Jan 2000, Zeugswetter Andreas SB wrote:

> 
> > The postmaster and backend can and should refuse to run with an
> > effective Unix userid of 0 (root), but that doesn't mean that
> > a Postgres ID of 0 is insecure, does it?
> 
> The usual setup has the Postgres ID same as the unix id, thus
> 0 would be reserved for root.
> 
> I think this setup has the advatage, that we could someday issue
> setuid() calls for "dba and untrusted stored procedures", which would 
> imho be a very handy feature.

That would require you to set up a Unix user for every Postgres user,
which is certainly not necassary in the general case.

-- 
Peter Eisentraut                  Sernanders vaeg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden