I've seen book that prefer installing PostgreSQL as root and another one
recommends otherwise by first creating a postgres account and then
installing it as postgres. In the Oracle world, you don't use root to
install the software. What is the best practice as far as PostgreSQL
goes?
--
Husam
*
Tomeh, Husam wrote:
I've seen book that prefer installing PostgreSQL as root and another one
recommends otherwise by first creating a postgres account and then
installing it as postgres. In the Oracle world, you don't use root to
install the software. What is the best practice as far as PostgreS
On Wed, 12 Jan 2005 15:30:06 -0800, Tomeh, Husam <[EMAIL PROTECTED]> wrote:
> I've seen book that prefer installing PostgreSQL as root and another one
> recommends otherwise by first creating a postgres account and then
> installing it as postgres. In the Oracle world, you don't use root to
> insta
Tomeh, Husam wrote:
> I've seen book that prefer installing PostgreSQL as root and another
> one recommends otherwise by first creating a postgres account and
> then installing it as postgres. In the Oracle world, you don't use
> root to install the software. What is the best practice as far as
> P
On Thu, 13 Jan 2005 01:00:31 +0100, Peter Eisentraut <[EMAIL PROTECTED]> wrote:
> Tomeh, Husam wrote:
> > I've seen book that prefer installing PostgreSQL as root and another
> > one recommends otherwise by first creating a postgres account and
> > then installing it as postgres. In the Oracle worl
Peter Eisentraut wrote:
Tomeh, Husam wrote:
I've seen book that prefer installing PostgreSQL as root and another
one recommends otherwise by first creating a postgres account and
then installing it as postgres. In the Oracle world, you don't use
root to install the software. What is the best practi
On January 12, 2005 04:31 pm, Joshua D. Drake wrote:
> Peter Eisentraut wrote:
> > Tomeh, Husam wrote:
> >>I've seen book that prefer installing PostgreSQL as root and another
> >>one recommends otherwise by first creating a postgres account and
> >>then installing it as postgres. In the Oracle wor
The current recommendation, which is reflected in the installation
instructions, is to install the software as root and to use the
postgres user for the database files. The advice seen elsewhere in
this thread to use the postgres user also for the software files is
wrong.
As a security profe
Darcy Buskermolen wrote:
On January 12, 2005 04:31 pm, Joshua D. Drake wrote:
Peter Eisentraut wrote:
Tomeh, Husam wrote:
I've seen book that prefer installing PostgreSQL as root and another
one recommends otherwise by first creating a postgres account and
then installing it as postg
Christopher Petrilli <[EMAIL PROTECTED]> writes:
> On Thu, 13 Jan 2005 01:00:31 +0100, Peter Eisentraut <[EMAIL PROTECTED]>
> wrote:
>> The current recommendation, which is reflected in the installation
>> instructions, is to install the software as root and to use the
>> postgres user for the dat
r Oracle DBA
Oracle Certified 8i DBA
-Original Message-
From: Peter Eisentraut [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 7:01 PM
To: Tomeh, Husam
Cc: PgSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
Tomeh, Hu
:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 11:14 PM
To: Goulet, Dick
Cc: Peter Eisentraut; Tomeh, Husam; PgSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
On Wed, 12 Jan 2005, Goulet, Dick wrote:
> You may well be on the
to:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 7:01 PM
> To: Tomeh, Husam
> Cc: PgSQL ADMIN
> Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
> Debate!
>
> Tomeh, Husam wrote:
> > I've seen book that prefe
On Wed, 12 Jan 2005, Goulet, Dick wrote:
> Whatever, I'll keep root only for absolutely restricted use & install
> under a separate user account. Works just fine & it makes the auditors
> & sysadmin feel better.
Unfortunately, I _know_ how auditors think, but I would hope that a
sensible compan
gSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
On Wed, 12 Jan 2005, Goulet, Dick wrote:
You may well be on the development team, but you are wrong for
one very important reason. If the Postgresql executables are owned by
root they execu
Christopher Petrilli <[EMAIL PROTECTED]> writes:
> As a security professional, why would the root user need to be
> involved in the ownership of PostgreSQL? I see no reason for this,
> but perhaps I'm missing something important.
A number of years ago some Unices experimented with installing sys
I wrote:
> The current recommendation, which is reflected in the installation
> instructions, is to install the software as root and to use the
> postgres user for the database files. The advice seen elsewhere in
> this thread to use the postgres user also for the software files is
> wrong.
Those
oulet
Senior Oracle DBA
Oracle Certified 8i DBA
-Original Message-
From: Peter Eisentraut [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 7:01 PM
To: Tomeh, Husam
Cc: PgSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
On Wed, 12 Jan 2005 20:52:16 -0800, Joshua D. Drake
<[EMAIL PROTECTED]> wrote:
> >Whatever, I'll keep root only for absolutely restricted use & install
> >under a separate user account. Works just fine & it makes the auditors
> >& sysadmin feel better.
> I don't argue the point of using root. I ag
* Dawid Kuroczko <[EMAIL PROTECTED]> [0117 12:17]:
> On Wed, 12 Jan 2005 20:52:16 -0800, Joshua D. Drake
> <[EMAIL PROTECTED]> wrote:
> > >Whatever, I'll keep root only for absolutely restricted use & install
> > >under a separate user account. Works just fine & it makes the auditors
> > >& sysadm
On Thu, 13 Jan 2005 12:20:41 +, Dick Davies
<[EMAIL PROTECTED]> wrote:
> > But only if either setuid root or executed by root. Hey, on my
> > system even /bin/sh is owned by root; it would be funny of it
> > executed as root
> C'mon folks, the guy obviously made a booboo - no need to rub his
>
k Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-Original Message-
From: Dick Davies [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 7:21 AM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
* Dawid Kuroczko
Those who dismiss this advice as my own imagination may want to check
how other server packages are installed on their system.
What user does sshd run under? Who owns /usr/sbin/sshd?
What user does the MTA run under? Who owns the binaries?
What user does Apache run under? Who owns the binarie
"Goulet, Dick" <[EMAIL PROTECTED]> writes:
> to Postgres install as well. I as the DBA should be able to install,
> upgrade, etc the software without access to the root account. Simply
> put the fewer people who know the root password the fewer who can
> destroy the system and the fewer who have
* Dawid Kuroczko <[EMAIL PROTECTED]> [0151 12:51]:
> On Thu, 13 Jan 2005 12:20:41 +, Dick Davies
> <[EMAIL PROTECTED]> wrote:
> > > But only if either setuid root or executed by root. Hey, on my
> > > system even /bin/sh is owned by root; it would be funny of it
> > > executed as root
> > C'mo
Put all your eggs in one basket, and WATCH THAT BASKET.
Better yet, pay someone more reliable than oneself to watch it.
Preferably a well-paid and happy fox.
Or _maybe_ put your eggs in an invisible super-basket?
Not trolling, just checking the analogy integrity field.
M
--
Martha Stewart called it a Good Thing when [EMAIL PROTECTED] ("Goulet, Dick")
wrote:
> You may well be on the development team, but you are wrong for
> one very important reason. If the Postgresql executables are owned by
> root they execute with the priviledges of root.
Methinks you may
In an attempt to throw the authorities off his trail, [EMAIL PROTECTED]
("Tomeh, Husam") transmitted:
> I've seen book that prefer installing PostgreSQL as root and another one
> recommends otherwise by first creating a postgres account and then
> installing it as postgres. In the Oracle world, yo
Martha Stewart called it a Good Thing when [EMAIL PROTECTED] ("Goulet, Dick")
wrote:
> Well, thanks for the leeway, but getting one's nose rubbed in things for
> good and bad comes with the turf. If there's one thing I've learned
> about software over the years it's that there are many ways to sk
nse of the most valuable.
Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-Original Message-
From: Doug Quale [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 11:56 AM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus &qu
ied 8i DBA
-Original Message-
From: Doug Quale [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 11:56 AM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
"Goulet, Dick" <[EMAIL PROTECTED]> write
On Thu, Jan 13, 2005 at 13:52:41 -0500,
"Goulet, Dick" <[EMAIL PROTECTED]> wrote:
> Doug,
>
> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? Their not owned by roo
Goulet, Dick wrote:
> And in my book the executables are
> of zero value whereas the data files, and their contained data, are
> of infinite value. So under your scheme we're protecting the least
> valuable part of the system at the expense of the most valuable.
No, there is no expense in that se
"Goulet, Dick" <[EMAIL PROTECTED]> writes:
> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? Their not owned by root. Installing
> malware, whether it's actual code
bout the data
anyways.
>
>
> Dick Goulet
> Senior Oracle DBA
> Oracle Certified 8i DBA
> -Original Message-
> From: Doug Quale [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 13, 2005 11:56 AM
> To: PostgreSQL Admin
> Subject: Re: [ADMIN] Installing PostgreSQL
your saving grace or doom.
Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-Original Message-
From: Uwe C. Schroeder [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 4:14 PM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus &qu
Uwe C. Schroeder wrote:
[ PGP not available, raw data follows ]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > Doug,
> >
> > OK, Assume that the binaries are installed under root, but a
> > hacker cracks PostGres, what is to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 13 January 2005 01:44 pm, Bruce Momjian wrote:
> Uwe C. Schroeder wrote:
> [ PGP not available, raw data follows ]
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> >
In article <[EMAIL PROTECTED]>,
Goulet, Dick <[EMAIL PROTECTED]> wrote:
> Well, someone I can wholeheartedly agree with. So it really does not
>matter who owns the binaries. Once the right account gets hacked your
>had. If they hack root your dead, if they hack postgres the database is
>had alth
39 matches
Mail list logo
