 | |
Newbie Security Questions
comp.databases.postgresql comp.databases.postgresql
 |
| | Thread Tools | Display Modes |
#1
 
| |||
| |||
|
Newbie Security Questions -
12-07-2010
, 02:49 PM
#2
| |||||
| |||||
|
|
Can I remove postgres (the user) from pg_hba? |
Quote:
|
Can I lock the unix postgres account; i.e. set its login shell to /sbin/ nologin? |
Quote:
|
Can I drop the postgres database? |
but if it does you could use SQL instead.
Quote:
|
Can I drop the schemata "public"? |
Quote:
|
If there is a FAQ, please could someone point to it. |
doesn't seem to mention any of the above.
-M-
#3
| |||
| |||
|
|
HoneyMonster <someone (AT) someplace (DOT) invalid> wrote: Can I remove postgres (the user) from pg_hba? Yes. Can I lock the unix postgres account; i.e. set its login shell to /sbin/ nologin? Yes. Can I drop the postgres database? Yes. It might cause trouble with command-line tools like 'createuser', but if it does you could use SQL instead. Can I drop the schemata "public"? Yes. If there is a FAQ, please could someone point to it. There's a FAQ at http://wiki.postgresql.org/wiki/FAQ , though it doesn't seem to mention any of the above. Thanks, Matthew. |
#4
| |||
| |||
|
|
Can I lock the unix postgres account; i.e. set its login shell to /sbin/ nologin? |
be generated by Unix hashing function. That means that the only way to
log in would be doing "su - postgres" as root. You don't really want to
close that option.
--
http://mgogala.byethost5.com
#5
| |||
| |||
|
|
On Tue, 07 Dec 2010 20:49:26 +0000, HoneyMonster wrote: Can I lock the unix postgres account; i.e. set its login shell to /sbin/ nologin? My advice would be to set the password to '****', character '*' cannot be generated by Unix hashing function. That means that the only way to log in would be doing "su - postgres" as root. You don't really want to close that option. |
test cluster, but I found that the postmaster wouldn't start at boot if
the postgres unix account was disabled, as the init script contains
'su' (actually 'runuser' for SELinux).
I think I'll adopt your suggestion.
#6
| |||
| |||
|
|
As a refugee from the big bad O, I am looking at Postgres. |
you need optimizer hints. There is a fatwa against optimizer hints in the
Postgres community. Case closed. Postgres distrusts its users deeply and
is unwilling to provide them with the tools to control the optimizer,
available with all other major databases. You're either supposed to get a
programming guru to write a custom patch or to go with a commercial
version which, incidentally, has hints.
If you don't want to start the development from scratch, Postgres is not
an option for the Oracle users. I wasted a year until I have realized
that.
--
http://mgogala.byethost5.com
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.