Received: from localhost (postgresql.org [64.49.215.8])
	by postgresql.org (Postfix) with ESMTP id 582DC476108
	for <pgsql-hackers@postgresql.org>;
	Fri, 24 Jan 2003 10:42:18 -0500 (EST)
Received: from trolak.mydnsbox2.com (ns1.mydnsbox2.com [207.44.142.118])
	by postgresql.org (Postfix) with ESMTP id 413A3476A02
	for <pgsql-hackers@postgresql.org>;
	Fri, 24 Jan 2003 10:36:43 -0500 (EST)
Received: from rduadunstan2 ([65.213.236.239]) (authenticated (0 bits))
	by trolak.mydnsbox2.com (8.11.6/8.11.6) with ESMTP id h0OGTrX17922
	for <pgsql-hackers@postgresql.org>; Fri, 24 Jan 2003 10:29:53 -0600
Message-ID: <002b01c2c3be$68262c90$1a01000a@rduadunstan2>
From: "Andrew Dunstan" <andrew@dunslane.net>
To: <pgsql-hackers@postgresql.org>
References: <1043162191.18529.11.camel@camel>
	<3E310ED4.2715.5D39B3DB@localhost>
Subject: Re: What goes into the security doc?
Date: Fri, 24 Jan 2003 10:36:43 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-Virus-Scanned: by AMaViS new-20020517
X-Archive-Number: 200301/930
X-Sequence-Number: 34540

man su says (on Linux):

       -s, --shell=SHELL
              run SHELL if /etc/shells allows it

Illustration:

[adunsta:adunsta]$ su -s /bin/tcsh - -c 'ps -f $$'
Password:
UID        PID  PPID  C STIME TTY      STAT   TIME CMD
root     10682 10681  0 10:34 pts/0    S      0:00 -tcsh -c ps -f $$
[adunsta:adunsta]$


So setting /bin/true as the login shell prevents real logins but doesn't
prevent running commands as the user via su, even from a login shell.

andrew

----- Original Message -----
From: "Dan Langille" <dan@langille.org>
To: "Christopher Kings-Lynne" <chriskl@familyhealth.com.au>
Cc: <pgsql-hackers@postgresql.org>
Sent: Friday, January 24, 2003 10:00 AM
Subject: Re: [HACKERS] What goes into the security doc?


> On 22 Jan 2003 at 13:29, Christopher Kings-Lynne wrote:
>
> > Recommend always running "initdb -W" and setting all pg_hba entries to
md5.
>
> Thanks.  I also encountered this item on IRC:
>
> [09:26] <fede2> Guys, is there a problem with using /bin/true of
> /bin/false as the shell of the postgres user? The docs only says
> "adduser postgres" , witch will give postgres a nice shell.
> [09:27] <fede2> I'm asking because the guys from Gentoo (thats a
> distro FWIW), want to use either /bin/false of /bin/true as postgres'
> shell.
> [09:27] <dvl> fede2: it means you won't be able to become the
> postgres user to run commands.
> [09:27] <mmc_> ... to run SHELL commands.
> [09:29] <fede2> dvl: Aldo it's not the same, one could use "su -c foo
> postgres" to workarround it.
> [09:30] <fede2> dvl: I was wondering if it had an even heavier
> reason, besides that.
> [09:34] <mmc_> fede2: tha manpage of su says, that -c args is treated
> by the login shell !
> [09:35] <fede2> mmc_: Hmm.. true. That makes it a heavy enough
> reason. Thanks.
> [09:35] * fede2 departs
> --
> Dan Langille : http://www.langille.org/
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org