Re: PAM authentication fails for local UNIX users

Andrew Dunstan wrote:
>
>
> Dhanaraj M wrote:

>>
>> The non-root user does not have the permission to read other unix
>> local user password.
>> I found two solutions:
>>
>> 1. usermod -K defaultpriv=Basic,file_dac_read postgres
>>
>> - Gives privilege to read all files. This solution works. Is it the
>> right way to do?
>>
>> 2. chmod +s processName
>>
>> - This does not work, because postgres never allows this.
>>
>>
>> Is there anyother solution to this problem?
>
> Usage questions really don't belong on -hackers - in future please use
> -general. Both your proposed solutions are utterly insecure.

The problem what Dhanaraj tries to address is how to secure solve problem with
PAM and local user. Other servers (e.g. sshd) allow to run master under root
(with limited privileges) and forked process under normal user. But postgresql
requires start as non-root user. It limits to used common pattern.

There is important question:

Is current requirement to run postgresql under non-root OK? If yes, than we must
update PAM documentation to explain this situation which will never works
secure. Or if we say No, it is stupid limitation (in case when UID 0 says
nothing about user's privileges) then we must start discussion about solution.

>
> See http://itc.musc.edu/wiki/PostgreSQL for some discussion of using
> PAM for postgres auth.

It also offer also same insecure solution to add read permission on shadow for
postgresql user.

Zdenek