On Friday 18 November 2005 16:41, Sam Drinkard wrote:
> James B. Byrne wrote:
> >I have discovered that the default init script distributed with
> >pgsql v8.1 sets the listening port to 5432 but does not enable
> >tcp/ip connections. One must add the -i switch to the invocation
> >line in the script.
As one of the authors of that initscript, I can state with certainty that is
is intentional and by design. (See Craig's followups for why; you nailed the
reasons, Craig).
> >I am not sure if this is an oversight or
> >whether there is another way to tell postmaster to start with
> >tcp/ip listening enabled that I am unaware of.
This has already been answered in this thread. Previously, the tcpip_socket
parameter was used, but was changed (CVSweb for
src/backend/utils/misc/postgresql.conf.sample):
++++++++++++++++++++++
Revision 1.109: download - view: text, markup, annotated - select for diffs
Tue Mar 23 01:23:48 2004 UTC (19 months, 4 weeks ago) by tgl
Branches: MAIN
Diff to previous 1.108: preferred, colored
Changes since revision 1.108: +3 -3 lines
Replace the virtual_host and tcpip_socket parameters with a unified
listen_addresses parameter, as per recent discussion. The default behavior
is now to listen on localhost, which eliminates the need for the -i
postmaster switch in many scenarios.
Andrew Dunstan
++++++++++++++++++++++
> >However, I thought
> >that this information might be of interest to anyone else running a
> >non-distro version of pgsql.
This is true for the distro versions after the above mentioned change.
Note that the CentOS default 7.4 PostgreSQL uses tcpip_socket instead of
listen_addresses, but that the default initscript still doesn't start
postmaster with a -i.
> Jim, also be aware that there is a non-password login from root on that
> distro, as well as the CentOS version. I found out the hard way after
> being compromised by some idiot portscanning me. No damage, but thought
> it odd to have a password-less service open to the world.
This is why -i was made non-default back in PostgreSQL 6.5 days. If the
postgres database superuser were to be created by default with a password,
then that password would also be well-known (search the pgsql-hackers list
archives for some of the many discussions on this topic from the past).
Thus, the PostgreSQL developers (myself included once I became RPM
maintainer) decided to make TCP/IP listening not the default (it was already
the default in the tarball distribution, and I decided to continue this in
the RPM). This behavior is now different as of version 8 due to
listen_addresses (see Andrew's comment in the CVS log entry above), as now it
defaults to listening on localhost only (fixing the most common instance of a
local php process accessing localhost:5432).
You will find me (at one of my other e-mail addresses) listed in many of those
files, and at http://www.postgresql.org/developer/bios so this is one area I
actually know a little about. Not a lot; but a little nonetheless.
--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu
