Thread: Installation of postgresql database as root

Installation of postgresql database as root

From
"Ali, Luqman"
Date:

Hi All,

 

The documentation(s) did not specify anything about the above but is it absolutely necessary to install postgresql db as superuser root? Can I create a user (say postgres) and then install the postgresql?

 

Thank you,

Best Regards

 

Luqman B Mohd Ali

 

 


CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.
_____________________________________________________________________________
Scanned by Sanmina-SCI eShield _____________________________________________________________________________

Re: Installation of postgresql database as root

From
"Andrej Ricnik-Bay"
Date:
On 6/6/07, Ali, Luqman <luqman.ali@sanmina-sci.com> wrote:
> Hi All,
Hi!


> The documentation(s) did not specify anything about the above but is it
> absolutely necessary to install postgresql db as superuser root? Can I
> create a user (say postgres) and then install the postgresql?
I guess the question is whether that user has write access
to the target file-system(s) ...


> Thank you,
>
> Best Regards
>
>
>
> Luqman B Mohd Ali



-- Cheers,
    Andrej


Please don't top post, and don't use HTML e-Mail :}  Make your quotes concise.

http://www.american.edu/econ/notes/htmlmail.htm


P.S.: The legal disclaimer about confidentiality makes no sense
when addressed to a mailing list.

Re: Installation of postgresql database as root

From
"Ali, Luqman"
Date:

>> The documentation(s) did not specify anything about the above but is it
>> absolutely necessary to install postgresql db as superuser root? Can I
>> create a user (say postgres) and then install the postgresql?
> I guess the question is whether that user has write access
> to the target file-system(s) ...

Absolutely, the user (i.e. me) will have write access to the target
file-systems. Another question is does postgres user get automatically
created with the installation of progress or will the sysadmin have to
create that?



-- Cheers,
    Andrej




Re: Installation of postgresql database as root

From
"Andrej Ricnik-Bay"
Date:
On 6/6/07, Ali, Luqman <luqman.ali@sanmina-sci.com> wrote:

> >I guess the question is whether that user has write access
> >to the target file-system(s) ...
>
> Absolutely, the user (i.e. me) will have write access to the target
> file-systems. Another question is does postgres user get automatically
> created with the installation of progress or will the sysadmin have to
> create that?
From INSTALL:
                                Short Version

./configure
gmake
su
gmake install
adduser postgres
mkdir /usr/local/pgsql/data
chown postgres /usr/local/pgsql/data
su - postgres


So, I guess that means it doesn't get created.  Why are you
averse to installing as root, btw?  I think it makes perfect sense
to have the postgres user only own the data directory.  That way,
if you configure the config files to live in /etc and they aren't owned
by postgres (the user account) a potential attacker can't make changes
to permissible connections, for instance.







--  Cheers,
    Andrej




Re: Installation of postgresql database as root

From
"Ali, Luqman"
Date:


>> >I guess the question is whether that user has write access
>> >to the target file-system(s) ...
>>
>> Absolutely, the user (i.e. me) will have write access to the target
>> file-systems. Another question is does postgres user get automatically
>> created with the installation of progress or will the sysadmin have to
>> create that?
 .
 .
<snip>
 .
 .
>So, I guess that means it doesn't get created.  Why are you
>averse to installing as root, btw?  I think it makes perfect sense
>to have the postgres user only own the data directory.  That way,
>if you configure the config files to live in /etc and they aren't owned
>by postgres (the user account) a potential attacker can't make changes
>to permissible connections, for instance.


I have no aversion to installing it as root but getting root access from
the sys admin would be a PITA. Company policy dictates that root access
is given to as few people as possible and only if it is necessary.
Hence, I needed to know if it is absolutely necessary to install as
root. If there are enough justifications for that, I could revert back
to my manager and get root access. If not, I can live with not having
root access and doing things from the user account. I'm not too worried
about any potential attackers having the user account as there would be
enough safeguards for that.


Thank you,
Best regards,

Luqman


Re: Installation of postgresql database as root

From
John DeSoi
Date:
On Jun 6, 2007, at 12:20 AM, Ali, Luqman wrote:

> I have no aversion to installing it as root but getting root access from
> the sys admin would be a PITA. Company policy dictates that root access
> is given to as few people as possible and only if it is necessary.
> Hence, I needed to know if it is absolutely necessary to install as
> root. If there are enough justifications for that, I could revert back
> to my manager and get root access. If not, I can live with not having
> root access and doing things from the user account. I'm not too worried
> about any potential attackers having the user account as there would be
> enough safeguards for that.


No, it is not required to install as root. I believe the instructions
indicate using root because root access is generally required to put
binaries in the default install location. But you can install it
anywhere you like using the --prefix configure option.




John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL


Re: Installation of postgresql database as root

From
Tom Lane
Date:
John DeSoi <desoi@pgedit.com> writes:
> On Jun 6, 2007, at 12:20 AM, Ali, Luqman wrote:
>> I have no aversion to installing it as root but getting root access
>> from the sys admin would be a PITA. Company policy dictates that root
>> access is given to as few people as possible and only if it is necessary.
>> Hence, I needed to know if it is absolutely necessary to install as
>> root.

> No, it is not required to install as root. I believe the instructions
> indicate using root because root access is generally required to put
> binaries in the default install location.

One thing you might consider is to have the binaries owned by some
*other* unprivileged account, for instance install as user pgsql and run
the database as user postgres.  This should provide an equivalent level
of protection against someone having cracked the database.  The point is
just that if the binaries aren't writable by the database account,
that's one more obstacle in the way of parlaying the database crack into
any greater level of access.

            regards, tom lane
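
The ownership split discussed in this thread (binaries and config files not writable by the account the server runs as, which owns only the data directory) can be checked after an install. The script below is an added example, not part of any message in the thread or of PostgreSQL; the function names, the numeric uid/gid arguments and the optional data-directory argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: list paths under an install prefix that the database
# runtime account could modify. Arguments (assumptions of this sketch):
#   $1 = install prefix (e.g. the --prefix given to configure)
#   $2 = numeric uid of the account the server runs as
#   $3 = numeric primary gid of that account
#   $4 = optional data directory to skip (that account is meant to own it)
# Supplementary groups of the account are not considered.
audit_prefix() {
    prefix=$1 db_uid=$2 db_gid=$3 data_dir=${4:-}
    # A path is a finding when the runtime account
    #   - owns it (an owner can always chmod it writable),
    #   - shares its group and the group-write bit is set, or
    #   - the path is world-writable.
    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$prefix" -path "$data_dir" -prune -o ! -type l \( \
        -user "$db_uid" \
        -o \( -group "$db_gid" -perm -0020 \) \
        -o -perm -0002 \
    \) -print
}

# Number of findings; 0 means the runtime account cannot alter the tree.
count_findings() {
    audit_prefix "$1" "$2" "$3" "${4:-}" | wc -l | tr -d ' '
}

# Example call (paths and ids are placeholders):
#   audit_prefix /usr/local/pgsql "$(id -u postgres)" "$(id -g postgres)" \
#       /usr/local/pgsql/data
```

Any path it prints is one the runtime account could change without further privileges.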