On Friday 22 May 2009 06:51:42 Cliff Pratt wrote: > I've browsed my history of the list, and the Internet for information > regarding giving the unix 'postgres' user a shell of /bin/false, so > that it cannot be logged into directly. It seems from my research that > if I set the user's shell to /bin/false it will not prevent the > running of postgres itself. I think it could work, but I don't think it is to be recommended. Sometimes you want to log in as that user to be able to do certain types of special administration or fixes. For example, if you ever need to run pg_resetxlog, you probably want to be logged in as postgres, unless you are very confident that your su or sudo invocations are correct and don't mess up the permissions of the database directory in strange ways. Maybe disabling the password of the account and allowing login only via sudo is close to what you want, but ends up being more flexible. -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
