On Mon, Jul 13 2009, Krishnakant wrote:
On Mon, 2009-07-13 at 13:53 +0530, Raj Mathur wrote:
On Monday 13 Jul 2009, Krishnakant wrote:
[snip] I have been trying to make a daemon for gnukhata's server and want it to run as the postgres user.
Bad idea. Please let the install script create a separate system user for gnukhata and enable that user to create databases, etc. in PgSQL. Running as the postgres user is _strongly_ deprecated.
But this is what postgresql developers themselves are recommending. I personally know and even met one of the core developers of pg and he is also a consultant. He told me that the best thing to do is keep the postgres user as a dedicated user which can access the database from only localhost. Then you can have the xmlrpc server run on that same machine and so the remote clients just can't access the database directly, because the access is denied.
And running the xmlrpc server as a dedicated user, which only has access to the set of databases that it needs, is strictly better, and more secure, than opening the full privileges of the postgres user.
Frankly, I am underwhelmed by the security acumen of the said consultant developer.
manoj
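
The dedicated-role setup argued for in this thread, as an added example that is not part of the original messages or of gnukhata's install script. The role name gnukhata, the database name gnukhata_books and the password are hypothetical placeholders.

```sql
-- Added illustration; role, database and password are hypothetical.
-- Run once as a superuser at install time, never by the daemon itself.

-- Dedicated login role for the XML-RPC server. It may create databases
-- (as suggested in the thread) but is not a superuser and cannot
-- create or alter other roles.
CREATE ROLE gnukhata LOGIN NOSUPERUSER CREATEDB NOCREATEROLE
    PASSWORD 'CHANGE_ME_PLACEHOLDER';

-- An application database owned by that role.
CREATE DATABASE gnukhata_books OWNER gnukhata;

-- By default every role may connect to every database. Remove that
-- for the application database; the owner keeps its own access.
REVOKE CONNECT ON DATABASE gnukhata_books FROM PUBLIC;

-- Check the result: only postgres should show rolsuper = true,
-- and gnukhata should show rolcreatedb = true, rolcreaterole = false.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('postgres', 'gnukhata');

-- Matching pg_hba.conf lines (TYPE DATABASE USER ADDRESS METHOD) keep
-- the localhost-only restriction from the thread while leaving the
-- postgres superuser reachable only over the local Unix socket:
--   local  all  postgres                 peer
--   host   all  gnukhata  127.0.0.1/32   scram-sha-256
```

With this in place, a compromise of the XML-RPC server is limited to the databases the gnukhata role owns, whereas a server running as postgres would expose every database and role in the cluster.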