Stephen Frost wrote: -- Start of PGP signed section. > * Bruce Momjian (pgman@candle.pha.pa.us) wrote: > > I updated the wording to say 'non-root users': > > > > If running in FreeBSD jails by enabling <application>sysconf</>'s > > <literal>security.jail.sysvipc_allowed</>, > > <application>postmaster</>s > > running in different jails should be run by different operating > > system > > users. This improves security because it prevents non-root users > > from interfering with shared memory or semaphores in a different > > jail, > > and it allows the PostgreSQL IPC cleanup code to function properly. > > (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly > > detect > > processes in other jails, preventing the running of postmasters on > > the > > same port in different jails.) > > You're still saying it'll do something that it won't... It doesn't > prevent non-root users from messing with each other if they're the same > UID, even if they're under different jails... That's the whole problem > here. :)
Uh, the first part says use different Unix users for different jails, then it says why to do that (security). Seems clear to me. -- Bruce Momjian http://candle.pha.pa.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. + ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
