Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t19NH-00Ewbs-Qm
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 19:07:59 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1t19NF-008Smv-C5
	for pgsql-general@arkaria.postgresql.org; Wed, 16 Oct 2024 19:07:57 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <mjtice@gmail.com>)
	id 1t19NE-008Sls-Uh
	for pgsql-general@lists.postgresql.org; Wed, 16 Oct 2024 19:07:57 +0000
Received: from mail-oo1-xc30.google.com ([2607:f8b0:4864:20::c30])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <mjtice@gmail.com>)
	id 1t19N8-001EN8-GB
	for pgsql-general@postgresql.org; Wed, 16 Oct 2024 19:07:56 +0000
Received: by mail-oo1-xc30.google.com with SMTP id 006d021491bc7-5e56759e6d7so139310eaf.3
        for <pgsql-general@postgresql.org>; Wed, 16 Oct 2024 12:07:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1729105669; x=1729710469; darn=postgresql.org;
        h=message-id:in-reply-to:to:references:date:subject:mime-version
         :content-transfer-encoding:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4TqFlnth4tBDXS9sylm3OOjqQn/la0rzrQwgOhXdDYQ=;
        b=dQaWC7siATPCv9GLUk2SiB5bECEf5U2y9E8RB7ChJxbVhF6H6EDeldT16yYuxPCsw+
         L6p2ht60X6D6eOYnrsN8MnNZ1skZMRtq4UeWg/0HhWejtH8ic35awpz7WOiYybFoSUDH
         nJ0BmFun/aFCfz4QZZPaLpIER+evqPzDLOYhv5+5MKxFYcKpOcWrutz/JQ+fGAftrBEW
         jqkNEbGDmgRkVJGPdm3l8YKx52jwkrjOLl5AYbxRCBzPNHSvM35eCxg3rxJt4RIekBcv
         t89TlTGjhnur2YT92bfBPIbJNa79k1ngcoU5+9M6H8yuvh29smNj8L+lwC51p9DqDbiP
         kaKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729105669; x=1729710469;
        h=message-id:in-reply-to:to:references:date:subject:mime-version
         :content-transfer-encoding:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4TqFlnth4tBDXS9sylm3OOjqQn/la0rzrQwgOhXdDYQ=;
        b=TMYPv2/ZLcBUedZNH2lnjAAnzdLqYBAEkYip4Yfp/5PKIfeAxCOYVDaxQjADLUE71W
         3k4qL/8nEhuih2dAAxpuClRxjBrcnW/lRZWwHMzoYNgqrrPCyLvyn7do9roSQ7C+U6A9
         Y4ynUxhfqwucPPtM7qgvgY2t+3ODEn6HjXpSLtnuzr6unOpnfbRZ5qhr3roaVjQC38/I
         MKzXX9i7GuhP2kVSt6jEOOcFv1txLGYwG6rfHiK0WFYvvGKbOX0Vyy8GhW+htfLpB+V/
         7a6q1HlNpxBxp+C+eOPgj+O3OLONKGuTkd7k86pM8tEHpDR14ziZtrK/qWYNVTcx4mt+
         Mhbw==
X-Gm-Message-State: AOJu0Yw9sA0DqzWJpq9JjBb065s9cVEL+hzo+FuON0HRtlrnmNkA/B3N
	u/h6Jsuuqs8ms7E2biV9wcl+xpVqcvi4SggbGU5hhviZRAd8xjXDOfcbEQ==
X-Google-Smtp-Source: AGHT+IFc5YJNn5zgR5SlVJOtW47Z5LaJ9m9q1ty26Kg5zGX8em2aT66fytci196eM9kRr8fGIJWv5g==
X-Received: by 2002:a05:6358:2486:b0:1c2:f4e9:6789 with SMTP id e5c5f4694b2df-1c32bd0bd81mr1274588255d.27.1729105669412;
        Wed, 16 Oct 2024 12:07:49 -0700 (PDT)
Received: from smtpclient.apple (97-117-89-67.slkc.qwest.net. [97.117.89.67])
        by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6cc2295a367sm20829206d6.90.2024.10.16.12.07.48
        for <pgsql-general@postgresql.org>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 16 Oct 2024 12:07:48 -0700 (PDT)
From: Matthew Tice <mjtice@gmail.com>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\))
Subject: Re: What are best practices wrt passwords?
Date: Wed, 16 Oct 2024 13:07:37 -0600
References: <87o73kgzkd.fsf@mbork.pl>
 <CAFCRh-8dM4bLGTKcv1v5wC9guhY_b5G=6w-ivHM4UJGwMUyWaA@mail.gmail.com>
 <87frowggzq.fsf@mbork.pl> <Zw_qvUHTC98XcGa6@momjian.us>
 <186766.1729097245@sss.pgh.pa.us>
 <B3A1837B-FA96-42A4-A6D4-949E93EB267C@thebuild.com>
To: pgsql-general@postgresql.org
In-Reply-To: <B3A1837B-FA96-42A4-A6D4-949E93EB267C@thebuild.com>
Message-Id: <2BB7312C-B811-4B16-B5BD-313582980112@gmail.com>
X-Mailer: Apple Mail (2.3776.700.51)
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/2BB7312C-B811-4B16-B5BD-313582980112%40gmail.com>
Precedence: bulk



> On Oct 16, 2024, at 10:50=E2=80=AFAM, Christophe Pettus =
<xof@thebuild.com> wrote:
>=20
>=20
>=20
>> On Oct 16, 2024, at 09:47, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I believe it depends on your platform --- some BSDen are pretty
>> permissive about this, if memory serves.  On a Linux box it seems
>> to work for processes owned by yourself even if you're not superuser.
>=20
> I just tried it on an (admittedly kind of old) Ubuntu system and MacOS =
14, and it looks like shows everything owned by everyone, even from a =
non-sudoer user.
>=20
Interesting, that=E2=80=99s not my experience.  Only root can see the =
env variables of another user.

Terminal 1

$ cat /etc/os-release
NAME=3D"Ubuntu"
VERSION=3D"20.04.6 LTS (Focal Fossa)"
ID=3Dubuntu
ID_LIKE=3Ddebian
PRETTY_NAME=3D"Ubuntu 20.04.6 LTS"
VERSION_ID=3D"20.04"
HOME_URL=3D"https://www.ubuntu.com/"
SUPPORT_URL=3D"https://help.ubuntu.com/"
BUG_REPORT_URL=3D"https://bugs.launchpad.net/ubuntu/"
=
PRIVACY_POLICY_URL=3D"https://www.ubuntu.com/legal/terms-and-policies/priv=
acy-policy"
VERSION_CODENAME=3Dfocal
UBUNTU_CODENAME=3Dfocal

$ whoami
testusr

$ export FOOBAR=3Dtrue

$ bash

$ env | grep FOOBAR
FOOBAR=3Dtrue

Terminal 2
$  whoami
mtice

$  ps e -U testusr | grep -c FOOBAR
0

$  sudo ps e -U testusr | grep -c FOOBAR
1