Participants
Tony Caduto
Tony Caduto
Bill Moran
Bill Moran
Alex Turner
Alex Turner
Attachments
Show all attachments
Thread Outline
#1Tony CadutoTony Caduto
Jun 05, 2006
#2Bill MoranBill Moranto Tony Caduto (#1)
Jun 05, 2006
#3Alex TurnerAlex Turnerto Tony Caduto (#1)
Jun 05, 2006

Is it a big deal to change the user the DB runs under?

Started by Tony Cadutoalmost 20 years ago3 messagesgeneral
Jump to latest
#1Tony Caduto
Tony Caduto
tony_caduto@amsoftwaredesign.com

Just wondering if anyone has done this:
Change the user the DB runs under from postgres to apache on a
established server?
I would think I would just change ownership on all the data dir files
and modify the startup script in /etc/init.d/postgresql.

Reason is I need a plperlu procedure to generate a dir listing for a
Kylix CGI web app and the directories in question are limited to the
user and group apache,
hence my plperlu proc can't list the contents. I also can't set the
other permissions because I don't want any other users peaking around.

Or is there a way to have the plperlu procs to run as a different user?
I have been looking though the plperl docs but have not seen anything
like that.

Thanks,

--
Tony

#2Bill Moran
Bill Moran
wmoran@collaborativefusion.com
In reply to: Tony Caduto (#1)
Re: Is it a big deal to change the user the DB runs

On Mon, 05 Jun 2006 13:21:48 -0500
Tony Caduto <tony_caduto@amsoftwaredesign.com> wrote:

Just wondering if anyone has done this:
Change the user the DB runs under from postgres to apache on a
established server?
I would think I would just change ownership on all the data dir files
and modify the startup script in /etc/init.d/postgresql.

Reason is I need a plperlu procedure to generate a dir listing for a
Kylix CGI web app and the directories in question are limited to the
user and group apache,
hence my plperlu proc can't list the contents. I also can't set the
other permissions because I don't want any other users peaking around.

Sounds dangerous. If someone breaks your web server, they have their run
of the database server as well.

You might want to change group ownership of the cluster directory to apache,
then set the permissions on all those files to be rw by postgres user, and
ro by apache group.

Or is there a way to have the plperlu procs to run as a different user?
I have been looking though the plperl docs but have not seen anything
like that.

Search for setuidperl or suidperl ... not sure which. That will let you
change users after the script starts.

--
Bill Moran
Collaborative Fusion Inc.

#3Alex Turner
Alex Turner
armtuk@gmail.com
In reply to: Tony Caduto (#1)
Re: Is it a big deal to change the user the DB runs under?

could you just add the postgres user to the apache group?

Alex

Show quoted text

On 6/5/06, Tony Caduto <tony_caduto@amsoftwaredesign.com> wrote:

Just wondering if anyone has done this:
Change the user the DB runs under from postgres to apache on a
established server?
I would think I would just change ownership on all the data dir files
and modify the startup script in /etc/init.d/postgresql.

Reason is I need a plperlu procedure to generate a dir listing for a
Kylix CGI web app and the directories in question are limited to the
user and group apache,
hence my plperlu proc can't list the contents. I also can't set the
other permissions because I don't want any other users peaking around.

Or is there a way to have the plperlu procs to run as a different user?
I have been looking though the plperl docs but have not seen anything
like that.

Thanks,

--
Tony

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org

← Back to Topics