Date: Thu, 27 May 2021 13:50:25 -0500
From: Justin Pryzby
To: Markus Bräunig
Cc: Devrim Gündüz, pgsql-pkg-yum@postgresql.org
Subject: Re: /var/lib/pgsql 0755
Message-ID: <20210527185025.GD2082@telsasoft.com>

On Thu, May 27, 2021 at 06:40:40PM +0000, Markus Bräunig wrote:
> I thought as long as /v/l/p is the homedir of postgres user we should be careful with changes like this.

I think you mean that you do things like "sudo -iu postgres" to open an interactive shell. Probably because you want to "cd" into the dir and "ls".

I imagine that's common, but is itself strange to me. You can just "ls" the dir without sudo without opening an interactive shell, and do anything else, too. Which is safer (avoids the risk of then leaving the shell opened or running as the wrong user in the wrong window) and avoids starting down the path of running around the system putting on different users' "hats".

System users like this are for running their specific daemon, for isolation purposes and not for running interactive shells. It shouldn't have a password set, either.

> We normally shift the data dir to other places and the log files as well. For the logfiles we use a separate group combined with a sgid bit

--
Justin
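
An added example, not part of the original message: a shell check for the point that a system user such as postgres should not have a password set, classifying the password field of an account in a shadow(5)-format file. The sample file and every account name other than postgres are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies the password field of an account in a
# shadow(5)-format file: locked | empty | password-set | missing.
account_password_state() {   # usage: account_password_state USER FILE
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"         # no password required
            else if ($2 ~ /^[!*]/) print "locked"        # "!", "!!", "*", "!<hash>"
            else                   print "password-set"  # usable hash present
            exit
        }
        END { if (!found) print "missing" }
    ' "$2"
}

# Reports each account; returns 1 if any can authenticate with a password
# (or with none at all). Accounts absent from the file are only reported.
audit_service_accounts() {   # usage: audit_service_accounts FILE USER...
    file=$1; shift
    rc=0
    for u in "$@"; do
        state=$(account_password_state "$u" "$file")
        printf '%s: %s\n' "$u" "$state"
        case $state in
            empty|password-set) rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample data; on a real host point FILE at /etc/shadow (root only).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
postgres:!!:18700::::::
backup:*:18700:0:99999:7:::
svc_old:$6$constructedsalt$constructedhash:18700:0:99999:7:::
svc_empty::18700:0:99999:7:::
EOF

audit_service_accounts "$SAMPLE" postgres backup svc_old svc_empty nosuch \
    || echo "finding: at least one service account accepts a password login"
```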