Thread: Improved security for https://www.postgresql.org/docs/current/install-make.html

Improved security for https://www.postgresql.org/docs/current/install-make.html

From: PG Doc comments form
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/17/install-make.html
Description:

The current 'short' version is

```
./configure
make
su
make install
adduser postgres
mkdir -p /usr/local/pgsql/data
chown postgres /usr/local/pgsql/data
su - postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
/usr/local/pgsql/bin/createdb test
/usr/local/pgsql/bin/psql test
```

The security could be improved by limiting the amount of work that is done
as root. (sudo make install -- shudder!)

First, split `make install` so `make build` gets as far as building the
libraries **under the current directory**, not on location in the start
directory.

Second, verify that `make install` does nothing but create directories and
copy files into them. It can probably also include the tasks currently done
by `make installdir` but the latter might still be required by some external
process. This target should be reviewed by security experts.

The 'short' script can then be rewritten as

```
# work done as a regular user
./configure
make build

# work that requires ROOT access
su
mkdir /usr/local/pgsql/data
chown (current user):(current group) /usr/local/pgsql
adduser --system --group postgres
exit

# work that requires POSTGRES access
su -u postgres
make install installdirs
exit

# work that requires ROOT access
su
adduser --system --group postgres
chown -R postgres:postgres /usr/local/pgsql
exit

# work that requires POSTGRES access
su - postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
/usr/local/pgsql/bin/createdb test
/usr/local/pgsql/bin/psql test
exit
```

On 06.11.24 22:58, PG Doc comments form wrote:
> The 'short' script can then be rewritten as
> 
> ```
> # work done as a regular user
> ./configure
> make build
> 
> # work that requires ROOT access
> su
> mkdir /usr/local/pgsql/data
> chown (current user):(current group) /usr/local/pgsql
> adduser --system --group postgres
> exit
> 
> # work that requires POSTGRES access
> su -u postgres
> make install installdirs
> exit

We don't want the installed files to be owned by postgres.  That would 
mean that a compromised PostgreSQL server (running as "postgres") could 
overwrite its own installation files.  You don't have to use "root" for 
the installation, of course, but it should be separate from "postgres".
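The two points above (build as an ordinary user; install as an account that is not the server account) reduce to one property that can be checked after `make install`: nothing under the installation prefix may be writable by the account the server runs as. The following audit function is an added example written for this page; it is not part of the PostgreSQL project or of either message in this thread. It assumes a `find` that accepts numeric IDs for `-user` and `-group` (GNU find does) and the documentation's default layout, where the data directory (which legitimately belongs to postgres) sits under the prefix and must be skipped.

```shell
#!/bin/sh
# Added example: audit a PostgreSQL install prefix for anything the
# server account could modify. Not from the PostgreSQL docs or this thread.
#
#   pg_install_audit PREFIX DATADIR SERVICE_UID [SERVICE_GID]
#
# Prints every offending path and returns 1 if any were found, 0 otherwise.
# After a real install the call would be, for example (assumed layout):
#   pg_install_audit /usr/local/pgsql /usr/local/pgsql/data \
#       "$(id -u postgres)" "$(id -g postgres)"
pg_install_audit() {
    prefix=$1
    datadir=$2
    svc_uid=$3
    svc_gid=${4:-$3}

    # Three ways a compromised server (running as SERVICE_UID) could
    # overwrite its own binaries or libraries:
    #   1. the file is owned by the service user,
    #   2. the file is group-writable and in the service user's group,
    #   3. the file is world-writable.
    # The data directory is pruned: it is supposed to belong to postgres.
    offenders=$(find "$prefix" -path "$datadir" -prune -o \
        \( -user "$svc_uid" \
           -o \( -group "$svc_gid" -perm -020 \) \
           -o -perm -002 \) -print)

    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}
```

Run it as any user with read access to the prefix; it needs no privileges. A clean result does not prove the install is trustworthy, only that the server account cannot rewrite it, which is exactly the property the reply above asks for.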
You'll want to update the existing page then! :-)

My point was mostly that I did a fresh 'git clone', followed the instructions, and was immediately hit by a "permission denied" error because the make script tried to create a directory under /usr/local. It wasn't clear whether that was the only thing that required root access. The script I provided was one approach, but it can be greatly simplified if all that's required is creating the directory and changing its ownership prior to running the 'make install'.

(I still think it's a Good Idea to separate compilation and deployment/installation, but that's a separate issue.)

Bear

On Mon, Nov 11, 2024 at 8:32 AM Peter Eisentraut <peter@eisentraut.org> wrote:
On 06.11.24 22:58, PG Doc comments form wrote:
> The 'short' script can then be rewritten as
>
> ```
> # work done as a regular user
> ./configure
> make build
>
> # work that requires ROOT access
> su
> mkdir /usr/local/pgsql/data
> chown (current user):(current group) /usr/local/pgsql
> adduser --system --group postgres
> exit
>
> # work that requires POSTGRES access
> su -u postgres
> make install installdirs
> exit

We don't want the installed files to be owned by postgres.  That would
mean that a compromised PostgreSQL server (running as "postgres") could
overwrite its own installation files.  You don't have to use "root" for
the installation, of course, but it should be separate from "postgres".

On 12.11.24 22:50, Bear Giles wrote:
> My point was mostly that I did a fresh 'git clone', followed the 
> instructions, and was immediately hit by a "permission denied" error 
> because the make script tried to create a directory under /usr/local. It 
> wasn't clear whether that was the only thing that required root access. 

Please provide a precise description of what steps you did and what the 
result or output from each was.  This report is not clear enough to be 
actionable.  As far as I can tell, the existing instructions are sound 
for a typical use, so it's not clear where your situation diverged.