Bruce Momjian <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
> Socket permissions - only install user can access db by default
>>
>> I do not agree with this goal.

> OK, this is TODO item:
> * Make single-user local access permissions the default by limiting
> permissions on the socket file (Peter E)

Yes, I know what the TODO item says, and I disagree with it.

If we make the default permissions 700, then it's impossible to access the database unless you run as the database owner. This is not a security improvement --- it's more like claiming that a Linux system would be more secure if you got rid of ordinary users and did all your work as root. We should *not* encourage people to operate that way. (It's certainly unworkable for RPM distributions anyway; only a user who is hand-building a test installation under his own account would possibly think that this is a useful default.)

I could see a default setup that made the permissions 770, allowing access to anyone in the postgres group; that would at least bear some slight resemblance to a workable production setup. However, this assumes that the DBA has root privileges, else he'll not be able to add/remove users from the postgres group. Also, on systems where users all belong to the same "users" group, 770 isn't really better than 777.

The bottom line here is that there isn't any default protection setup that is really widely useful. Everyone's got to adjust the thing to fit their own circumstances. I'd rather see us spend more documentation effort on pointing this out and explaining the alternatives, and not think that we can solve the problem by making the default installation so tight as to be useless.

regards, tom lane
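The trade-off discussed in the message above, as an added example that is not part of the original post: a small model of which local accounts can connect for a given socket mode and group. The account and group names are constructed, and it assumes a platform (such as Linux) where connecting requires write permission on the socket file.

```python
import grp
import os
import pwd
import stat


def can_connect(user, user_groups, sock_owner, sock_group, mode):
    """True if `user` has write permission on the socket file.

    Unix evaluates exactly one permission class: owner, else group, else other.
    Assumption: the platform enforces socket file permissions on connect.
    """
    if user == "root":
        return True
    if user == sock_owner:
        return bool(mode & stat.S_IWUSR)
    if sock_group in user_groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def allowed_users(groups_by_user, sock_owner, sock_group, mode):
    """Sorted list of accounts that can reach the socket."""
    return sorted(
        user for user, groups in groups_by_user.items()
        if can_connect(user, groups, sock_owner, sock_group, mode)
    )


def socket_facts(path):
    """Owner name, group name and permission bits of a real socket file."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    return (pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name,
            stat.S_IMODE(st.st_mode))


# Constructed host 1: a dedicated "postgres" group that only alice has joined.
HOST_DEDICATED = {"postgres": {"postgres"}, "alice": {"alice", "postgres"},
                  "bob": {"bob"}, "carol": {"carol"}}
# Constructed host 2: every account shares one "users" group.
HOST_SHARED = {name: {"users"} for name in ("postgres", "alice", "bob", "carol")}

if __name__ == "__main__":
    for mode in (0o700, 0o770, 0o777):
        print(oct(mode), "dedicated:",
              allowed_users(HOST_DEDICATED, "postgres", "postgres", mode))
        print(oct(mode), "shared:   ",
              allowed_users(HOST_SHARED, "postgres", "users", mode))
```
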