Tom Lane <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) writes:
> >> There is a security issue here: stuff stored in datadir is not visible
> >> to random other users on the machine (since datadir is mode 700), but
> >> I would not expect sysconfdir to be mode 700.
>
> > It could be (the RPMs specify a sysconfdir of /etc/pgsql)
>
> The usual install procedure would probably leave sysconfdir owned by
> root, if one likes to install in such a way that the binaries are owned
> by root (ie make, su root, make install). I'd object to a setup that's
> insecure for people who aren't using RPMs.
So make the files unreadable, if so required.
> The real bottom line here, though, is that you haven't shown me any
> positive reason to move the config files out of datadir.
It conflicts with the FHS - and no, I don't consider configuration
files and data as an identical item.
--
Trond Eivind Glomsrød
Red Hat, Inc.
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
