Thread: reduce pg_hba.conf restrictions ...
is there any reason why we can't make the permissions on pg_hba.conf 600 vs 400? the data directory itself is only readable by the 'superuser'... Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
On 01-Feb-00 The Hermit Hacker wrote: > > is there any reason why we can't make the permissions on pg_hba.conf 600 > vs 400? the data directory itself is only readable by the 'superuser'... Depends on what you edit with. If you use vi you can override the perms, if you use ee (like I do) you swear alot then change them yourself :) Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 128K ISDN: $24.95/mo or less - 56K Dialup: $17.95/moor less at Pop4 Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
On Mon, 31 Jan 2000, Vince Vielhaber wrote: > > On 01-Feb-00 The Hermit Hacker wrote: > > > > is there any reason why we can't make the permissions on pg_hba.conf 600 > > vs 400? the data directory itself is only readable by the 'superuser'... > > Depends on what you edit with. If you use vi you can override the perms, > if you use ee (like I do) you swear alot then change them yourself :) I use vi and "swear alot then change them yourself" :) but, why are we bothering to swear instead of just changing them, is my question :) Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
The Hermit Hacker <scrappy@hub.org> writes: > is there any reason why we can't make the permissions on pg_hba.conf 600 > vs 400? the data directory itself is only readable by the 'superuser'... I think the motivation may have been to prevent an attacker who manages to connect as superuser from overwriting the pg_hba.conf file with something more liberal (using backend-side COPY). However, if he's already managed to connect as superuser, it's difficult to see what he needs more-liberal connection privileges for. 600 does seem a lot more convenient for the admin. 400 might save the admin from some simple kinds of human error --- but not if he's already in the habit of overriding the protection whenever he updates the file. In short, I agree. Does anyone else see any real security gain from making it 400? regards, tom lane