public inbox for [email protected]
help / color / mirror / Atom feedFrom: Dan Langille <[email protected]>
To: Christopher Kings-Lynne <[email protected]>
Cc: [email protected]
Subject: Re: What goes into the security doc?
Date: Fri, 24 Jan 2003 10:00:52 -0500
Message-ID: <3E310ED4.2715.5D39B3DB@localhost> (raw)
In-Reply-To: <[email protected]>
References: <1043162191.18529.11.camel@camel>
On 22 Jan 2003 at 13:29, Christopher Kings-Lynne wrote:
> Recommend always running "initdb -W" and setting all pg_hba entries to md5.
Thanks. I also encountered this item on IRC:
[09:26] <fede2> Guys, is there a problem with using /bin/true of
/bin/false as the shell of the postgres user? The docs only says
"adduser postgres" , witch will give postgres a nice shell.
[09:27] <fede2> I'm asking because the guys from Gentoo (thats a
distro FWIW), want to use either /bin/false of /bin/true as postgres'
shell.
[09:27] <dvl> fede2: it means you won't be able to become the
postgres user to run commands.
[09:27] <mmc_> ... to run SHELL commands.
[09:29] <fede2> dvl: Aldo it's not the same, one could use "su -c foo
postgres" to workarround it.
[09:30] <fede2> dvl: I was wondering if it had an even heavier
reason, besides that.
[09:34] <mmc_> fede2: tha manpage of su says, that -c args is treated
by the login shell !
[09:35] <fede2> mmc_: Hmm.. true. That makes it a heavy enough
reason. Thanks.
[09:35] * fede2 departs
--
Dan Langille : http://www.langille.org/
view thread (20+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: What goes into the security doc?
In-Reply-To: <3E310ED4.2715.5D39B3DB@localhost>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox