Received: from localhost (postgresql.org [64.49.215.8])
    by postgresql.org (Postfix) with ESMTP id 83A84475AFA
    for ; Fri, 24 Jan 2003 10:00:51 -0500 (EST)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
    by postgresql.org (Postfix) with ESMTP id D09E2475A3F
    for ; Fri, 24 Jan 2003 10:00:48 -0500 (EST)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
    by bast.unixathome.org (Postfix) with ESMTP id 28ECA3D27;
    Fri, 24 Jan 2003 10:00:52 -0500 (EST)
From: "Dan Langille"
To: "Christopher Kings-Lynne"
Date: Fri, 24 Jan 2003 10:00:52 -0500
MIME-Version: 1.0
Subject: Re: What goes into the security doc?
Cc:
Message-ID: <3E310ED4.2715.5D39B3DB@localhost>
In-reply-to:
References: <1043162191.18529.11.camel@camel>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
X-Virus-Scanned: by AMaViS new-20020517
X-Archive-Number: 200301/928
X-Sequence-Number: 34538

On 22 Jan 2003 at 13:29, Christopher Kings-Lynne wrote:

> Recommend always running "initdb -W" and setting all pg_hba entries to md5.

Thanks. I also encountered this item on IRC:

[09:26] Guys, is there a problem with using /bin/true or /bin/false as the shell of the postgres user? The docs only say "adduser postgres", which will give postgres a nice shell.
[09:27] I'm asking because the guys from Gentoo (that's a distro FWIW), want to use either /bin/false or /bin/true as postgres' shell.
[09:27] fede2: it means you won't be able to become the postgres user to run commands.
[09:27] ... to run SHELL commands.
[09:29] dvl: Although it's not the same, one could use "su -c foo postgres" to work around it.
[09:30] dvl: I was wondering if it had an even heavier reason, besides that.
[09:34] fede2: the manpage of su says that -c args is treated by the login shell!
[09:35] mmc_: Hmm.. true. That makes it a heavy enough reason. Thanks.
[09:35] * fede2 departs

--
Dan Langille : http://www.langille.org/
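
The point made at the end of the log above (su hands the `-c` argument to the account's login shell), shown as an added example that is not part of the original message or the IRC log. It reads the login shell from a passwd-format file and runs it the way su would, as `SHELL -c CMD`, to see whether a command can run at all. The function names, the `pg_*` accounts and the sample entries are constructed for illustration; su itself is never called, and /bin/sh, /bin/false and /bin/true are assumed to exist at those paths.

```shell
#!/bin/sh
# Added example. su runs "LOGIN_SHELL -c CMD", so the login shell decides
# whether CMD runs. Function and account names here are hypothetical.

# login_shell FILE USER: print USER's shell (field 7 of passwd(5) format;
# an empty field means /bin/sh). Exit status 1 if USER has no entry.
login_shell() {
    awk -F: -v u="$2" '
        $1 == u { found = 1; print ($7 == "" ? "/bin/sh" : $7); exit }
        END     { if (!found) exit 1 }' "$1"
}

# su_c_outcome FILE USER: print what "su -c CMD USER" would amount to:
#   runs            the shell executed the probe command
#   silent-success  exit status 0 but nothing ran (e.g. /bin/true)
#   refused         non-zero exit status, nothing ran (e.g. /bin/false)
#   no-such-shell   the shell path is missing or not executable
#   no-such-user    USER has no entry in FILE
su_c_outcome() {
    shell=$(login_shell "$1" "$2") || { echo no-such-user; return 0; }
    [ -x "$shell" ] || { echo no-such-shell; return 0; }
    # Same argument vector su builds, run unprivileged with a harmless probe.
    if out=$("$shell" -c 'echo probe-ok' 2>/dev/null </dev/null); then
        if [ "$out" = probe-ok ]; then echo runs; else echo silent-success; fi
    else
        echo refused
    fi
}

# Constructed sample entries (not from the page): one service account per shell.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
pg_sh:x:70:70:PostgreSQL:/var/lib/postgresql:/bin/sh
pg_false:x:71:71:PostgreSQL:/var/lib/postgresql:/bin/false
pg_true:x:72:72:PostgreSQL:/var/lib/postgresql:/bin/true
EOF

for u in pg_sh pg_false pg_true pg_absent; do
    printf '%-10s %s\n' "$u" "$(su_c_outcome "$SAMPLE" "$u")"
done
```

With /bin/true as the shell the outcome is the quieter failure: a script that calls `su -c` for that account gets exit status 0 although nothing ran.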