Re: Postgres user with a shell of /bin/false

Lists: pgsql-admin
From: Cliff Pratt <enkiduonthenet(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Postgres user with a shell of /bin/false
Date: 2009-05-22 03:51:42
Message-ID: 9adabaf40905212051l58666e70w8d75ea394acc176@mail.gmail.com

I've browsed my history of the list, and the Internet for information
regarding giving the unix 'postgres' user a shell of /bin/false, so
that it cannot be logged into directly. It seems from my research that
if I set the user's shell to /bin/false it will not prevent the
running of postgres itself.

Before I start changing the postgres Unix users, can someone please
confirm that this will work, and any 'gotchas' I might have missed.
Obviously there are ways to circumvent this, I know.

Cheers,

Cliff


From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Cc: Cliff Pratt <enkiduonthenet(at)gmail(dot)com>
Subject: Re: Postgres user with a shell of /bin/false
Date: 2009-05-22 13:49:05
Message-ID: 200905221649.05873.peter_e@gmx.net

On Friday 22 May 2009 06:51:42 Cliff Pratt wrote:
> I've browsed my history of the list, and the Internet for information
> regarding giving the unix 'postgres' user a shell of /bin/false, so
> that it cannot be logged into directly. It seems from my research that
> if I set the user's shell to /bin/false it will not prevent the
> running of postgres itself.

I think it could work, but I don't think it is to be recommended. Sometimes
you want to log in as that user to be able to do certain types of special
administration or fixes. For example, if you ever need to run pg_resetxlog,
you probably want to be logged in as postgres, unless you are very confident
that your su or sudo invocations are correct and don't mess up the permissions
of the database directory in strange ways.

Maybe disabling the password of the account and allowing login only via sudo
is close to what you want, but ends up being more flexible.


From: Scott Mead <scott(dot)lists(at)enterprisedb(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-admin(at)postgresql(dot)org, Cliff Pratt <enkiduonthenet(at)gmail(dot)com>
Subject: Re: Postgres user with a shell of /bin/false
Date: 2009-05-22 16:03:06
Message-ID: d3ab2ec80905220903v559bf77aw31b4d40af62d8982@mail.gmail.com

On Fri, May 22, 2009 at 9:49 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:

> On Friday 22 May 2009 06:51:42 Cliff Pratt wrote:
> > I've browsed my history of the list, and the Internet for information
> > regarding giving the unix 'postgres' user a shell of /bin/false, so
> > that it cannot be logged into directly. It seems from my research that
> > if I set the user's shell to /bin/false it will not prevent the
> > running of postgres itself.
>
> I think it could work, but I don't think it is to be recommended. Sometimes
> you want to log in as that user to be able to do certain types of special
> administration or fixes. For example, if you ever need to run pg_resetxlog,
> you probably want to be logged in as postgres, unless you are very confident
> that your su or sudo invocations are correct and don't mess up the permissions
> of the database directory in strange ways.
>
> Maybe disabling the password of the account and allowing login only via sudo
> is close to what you want, but ends up being more flexible.

It will work, the only problem you'll run into is the startup scripts.
Typically (and this depends on the package you're using), your startup
script is probably using 'su postgres' to run pg_ctl. You would need to
modify that line to use 'su -c /bin/sh .... ' or something of the like to
have those scripts work.

--Scott



From: "Reko Turja" <reko(dot)turja(at)liukuma(dot)net>
To: "Cliff Pratt" <enkiduonthenet(at)gmail(dot)com>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Postgres user with a shell of /bin/false
Date: 2009-05-25 10:22:55
Message-ID: 154EA15B2ACE49B6B4AD65248376F81A@rivendell

> I've browsed my history of the list, and the Internet for information
> regarding giving the unix 'postgres' user a shell of /bin/false, so
> that it cannot be logged into directly. It seems from my research that
> if I set the user's shell to /bin/false it will not prevent the
> running of postgres itself.

In at least FreeBSD, the standard ports way of setting the PGSQL user to
use /usr/bin/nologin as its shell works well enough. You get the regular
shell interface from su'ing or sudoing into the account, but you cannot
log in to the box directly.

Is the nologin "shell" a BSD-only feature though?

-Reko
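
An added example, not part of any post in this thread: a shell audit of the three things the replies raise, namely whether the account's shell is /bin/false or nologin, whether its password is locked, and which startup-script `su` calls would break once the shell is non-interactive. The passwd, shadow and init-script lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data, not taken from the thread.
SAMPLE_PASSWD='postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/false
deploy:x:1001:1001::/home/deploy:/bin/bash'
SAMPLE_SHADOW='postgres:!!:14386::::::
deploy:$6$constructed$hash:14386:0:99999:7:::'
SAMPLE_INIT='su -l postgres -c "pg_ctl start -D /var/lib/pgsql/data"
su -s /bin/sh -l postgres -c "pg_ctl stop -D /var/lib/pgsql/data"'

# login_shell_state USER PASSWD_TEXT -> nologin | interactive | missing
login_shell_state() {
    shell=$(printf '%s\n' "$2" |
        awk -F: -v u="$1" '$1 == u { print $7; f = 1; exit } END { if (!f) print "-" }')
    case "$shell" in
        -) echo missing ;;
        */nologin|*/false) echo nologin ;;
        *) echo interactive ;;   # an empty field means the default /bin/sh
    esac
}

# password_state USER SHADOW_TEXT -> locked | empty | set | missing
password_state() {
    field=$(printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print "f:" $2; exit }')
    case "$field" in
        '') echo missing ;;
        'f:') echo empty ;;              # no password required at all
        'f:!'*|'f:*'*) echo locked ;;    # no usable hash: password login disabled
        *) echo set ;;
    esac
}

# su_lines_needing_shell SCRIPT_TEXT -> su calls for postgres that do not
# override the shell, so they would execute the account's /bin/false or nologin.
su_lines_needing_shell() {
    printf '%s\n' "$1" | grep -E '(^|[^[:alnum:]_])su[[:space:]].*postgres' |
        grep -Ev '[[:space:]](-s|--shell)[[:space:]=]' || true
}

# Report over the constructed samples.
for u in postgres deploy; do
    echo "$u: shell=$(login_shell_state "$u" "$SAMPLE_PASSWD")" \
         "password=$(password_state "$u" "$SAMPLE_SHADOW")"
done
echo "su calls that need a shell override:"
su_lines_needing_shell "$SAMPLE_INIT"
```

On Linux, both the util-linux and shadow versions of `su` accept `-s SHELL` (`--shell`) when run by root, which is the override the last check looks for; on a live system the inputs would come from `getent passwd postgres` and, as root, `getent shadow postgres`.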