On Apr 2, 2010, at 10:28 AM, Craig Ringer wrote:
> b) Run as your user. What if you remove the user later - crunch,
> your database just broke. If Pg was attacked successfully, the
> attacker wouldn't get root ... but they would get the ability to
> access and delete all your files.
>
> Arguably (b) is an acceptable non-admin-install option for Mac OS X
> systems for non-production use with unimportant test data you can
> afford to lose. I'm not convinced it's a good idea, though.

First, I ask forgiveness for ignorance.

Second, the characterization in your second quoted paragraph is near-
sighted.

"Mac OS X systems for non-production use" means that I don't run a car
rental company. I don't. But "non-production"? Well, I use postgres
for things that are extremely important to me. What's more, I intend,
in the very near future, to have postgres as the back-end to an
internet system that will hopefully be in use by 85,000 French nursing
students, which I suppose is a form of "production". And when I load
the tables into the postgres implementation of whatever ISP I choose,
all the meshugas around permissions will disappear as far as I'm
concerned.

But "unimportant test data you can afford to lose"? Please. Anyone
who uses any database system for more than 10 minutes regards his or
her data as important and definitely not affordable to lose. I have
triply redundant back-up for my data. And the only reason I know that
'postgres' owns my data (or did) is that I wanted to back up the
files. Why else would I know?

Apple has a "database" product which is intended for individuals and
their data. It is called Bento. It has a charming interface and it
does what it does well. No chain of pain.

But there is one teeny, tiny problem. It's a ridiculous ersatz iTunes
clone that has nothing to do with databases. And, like everything
else in modern interfaces, the back-end is sqlite which doesn't cut it
one little bit. Bento files are sqlite files accessible by sqlite.
So you might as well run sqlite in the first place and get it over
with, but that's only if you're not really interested in a database.

Postgres, on the other hand, fully supports regular expressions, sql,
etc. etc. etc. etc. Postgres' clients psql and pgAdmin are perfectly
extraordinary. And finally the support in the embodiment of this list
is unbelievable. Incredible.

I don't think that b) is necessarily acceptable. But if it isn't,
then I really and truly wish that the very traditional way that
postgres wants to set itself up were more transparent and
controllable. It is a wish. Perhaps a fantasy. But a fantasy is a
wish (S. Freud).