Krishnakant wrote:
On Mon, 2009-07-13 at 13:53 +0530, Raj Mathur wrote:
On Monday 13 Jul 2009, Krishnakant wrote:
[snip] I have been trying to make a demon for gnukhata's server and want it to run as the postgres user.
Bad idea. Please let the install script create a separate system user for gnukhata and enable that user to create databases, etc. in PgSQL. Running as the postgres user is _strongly_ deprecated.
But this is what postgresql developres themselves are recommending. I personally know and even met of of the core developers of pg and he is also a consultent. He told me that the best thing to do is keep the postgres user as dedicated user which can access the database from only localhost.
I think you are confusing the role of the postgres user (which is responsible for running/managing the _postgres_ daemon) and a user that needs to use the DB.
I am assuming that in your case, the gunkhata daemon only needs to use the DB (ie: create, add, update ...etc the gnukhata database). So, in that respect, the gnukhata daemon would be a 'client' or a user in the postgres server.
However, to ensure that the gnukhata daemon which would have the ability to create databases on your postgres server, is isolated, you would ideally create a gnukhata user, like Raj Mathur suggested.
then you can have the xmlrpc server run on that same machine and so the remote clients just can't access the database directly, because the access is denyed.
This bit is correct, but it relates to the user that accesses the database.
HTH, - steve