[redirect to -hackers]
Tom Lane writes:
> > The fact that the database server is wide-open in the default installation
> > is surely not good, but the problem is that we don't have a universally
> > accepted way to lock it down.
> > Another option would be to set the unix domain socket permissions to
> > 0200 by default, so only the user that's running the server can get in.
> For my purposes this would be acceptable, but I wouldn't actually want
> to use 0200. So it'd be nicer if the default socket permission were
> trivially configurable (ideally as a configure switch). Given that,
> I wouldn't mind if the default were 0200.
It is configurable already (unix_socket_permissions in postgresql.conf).
If we make this change then we just need to make it really clear in the
documentation somewhere, because the error message will say "Connection
refused", and the permission of the socket file is the last thing people
will think of.
> Note that locking down the unix socket is little help if one is using a
> startup script that helpfully supplies -i by default. I am not sure
> what the score is with all the startup scripts that are in various RPMs
> and other platform-specific distributions; does anyone know if there are
> any that ship with -i enabled?
The last count is that none that I can see the source code for do. In
general, I don't think this is our problem. If people change the default
configuration in their packages without knowing better, they cannot be
helped. They will just as quickly change the default unix socket
permissions back to 0777 if they want to.
--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
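An added illustration of the point above (not code from the thread or from PostgreSQL itself): connecting to a Unix-domain socket requires write permission on the socket file, so the owner/group/other write bits of unix_socket_permissions decide who can reach the server at all. The postgresql.conf fragment and the uid/gid values are constructed for the example.

```python
import re
import stat

# Constructed postgresql.conf fragment (not from the original thread).
# A commented-out line must be ignored; the last active setting wins.
SAMPLE_CONF = """
# - Connection Settings -
listen_addresses = 'localhost'
#unix_socket_permissions = 0777   # begin with 0 to use octal notation
unix_socket_permissions = 0770
"""

def parse_unix_socket_permissions(conf_text, default="0777"):
    """Return the effective unix_socket_permissions as an int mode.
    PostgreSQL reads the value like chmod/umask: a leading 0 means octal,
    otherwise decimal. Missing setting -> the server default of 0777."""
    value = default
    for line in conf_text.splitlines():
        m = re.match(r"\s*unix_socket_permissions\s*=\s*'?([0-9]+)'?", line)
        if m:
            value = m.group(1)
    return int(value, 8) if value.startswith("0") else int(value, 10)

def can_connect(mode, sock_uid, sock_gid, uid, gids):
    """connect() on a Unix-domain socket needs write permission on the
    socket inode, evaluated like any file: owner bits if the uid matches,
    else group bits if any of the caller's groups matches, else 'other'.
    (root bypasses this check; not modelled here.)"""
    if uid == sock_uid:
        return bool(mode & stat.S_IWUSR)
    if sock_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(mode, sock_uid=1001, sock_gid=1001):
    """Who can reach the socket under a given mode, for three hypothetical
    accounts: the server owner, a member of the server's group, and an
    unrelated local user (uids/gids are constructed)."""
    return {
        "server_owner": can_connect(mode, sock_uid, sock_gid, sock_uid, {sock_gid}),
        "group_member": can_connect(mode, sock_uid, sock_gid, 1002, {1002, sock_gid}),
        "other_user": can_connect(mode, sock_uid, sock_gid, 1003, {1003}),
    }

if __name__ == "__main__":
    mode = parse_unix_socket_permissions(SAMPLE_CONF)
    print("configured:", oct(mode), audit(mode))
    for m in (0o777, 0o770, 0o200):
        print(oct(m), audit(m))
```

With 0200 only the server's own account passes, which is why a refused local connection under that default is easy to misattribute to the server not listening rather than to the socket mode.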