public inbox for [email protected]
From: Justin Pryzby <[email protected]>
To: Markus Bräunig <[email protected]>
Cc: Devrim Gündüz <[email protected]>
Cc: [email protected]
Subject: Re: /var/lib/pgsql 0755
Date: Thu, 27 May 2021 13:50:25 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>

On Thu, May 27, 2021 at 06:40:40PM +0000, Markus Bräunig wrote:
> I thought as long as /v/l/p is the homedir of postgres user we should be careful with changes like this.

I think you mean that you do things like "sudo -iu postgres" to open an
interactive shell. Probably because you want to "cd" into the dir and "ls".

I imagine that's common, but is itself strange to me. You can just "ls" the
dir without sudo without opening an interactive shell, and do anything else,
too. Which is safer (avoids the risk of then leaving the shell opened or
running as the wrong user in the wrong window) and avoids starting down the
path of running around the system putting on different users' "hats".

System users like this are for running their specific daemon, for isolation
purposes and not for running interactive shells. It shouldn't have a password
set, either.

> We normally shift the data dir to other places and the log files as well. For the logfiles we use a separate group combined with a sgid bit

--
Justin
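
A check for the "shouldn't have a password set" point in the message above, as an added example that is not part of the original email: it classifies the password field of shadow(5)-format entries and flags service accounts that are not locked. The function names, the accounts other than postgres, and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format entries for service accounts.

# Print the password state of account $1 in shadow-format file $2:
# locked | empty | password-set | missing
password_state() {
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"         # no password required
            else if ($2 ~ /^[!*]/) print "locked"        # "!", "!!", "*" or "!<hash>"
            else                   print "password-set"  # a usable hash is present
            exit
        }
        END { if (!found) print "missing" }
    ' "$2"
}

# $1 = shadow-format file, remaining arguments = account names.
# Returns non-zero if any listed account is not locked.
audit_service_accounts() {
    file=$1; shift
    rc=0
    for user in "$@"; do
        state=$(password_state "$user" "$file")
        case $state in
            locked) echo "OK   $user: no usable password" ;;
            *)      echo "FAIL $user: $state"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample entries (not real hashes, not taken from any system).
write_sample_shadow() {
    cat > "$1" <<'EOF'
postgres:!!:18774::::::
appuser:$6$CONSTRUCTED$not.a.real.hash:18774:0:99999:7:::
backup::18774:0:99999:7:::
daemon:*:18774:0:99999:7:::
EOF
}

# Demo on the constructed file; on a real host, point it at /etc/shadow as root.
demo=$(mktemp)
write_sample_shadow "$demo"
audit_service_accounts "$demo" postgres appuser backup || true
rm -f "$demo"
```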