Re: How to make PostreSQL utilities honor home directories?


On 9/1/22 6:31 PM, Jeffrey Walton wrote:
> On Thu, Sep 1, 2022 at 8:51 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
>>
>> "Peter J. Holzer" <hjp-pgsql@xxxxxx> writes:
>>> However, the symlink doesn't seem to be the culprit. If I run
>>> % sudo -u postgres -H /usr/lib/postgresql/13/bin/psql
>>> (which is not a symlink)
>>> I get the same behaviour. So it seems that psql changes to its basedir
>>> and then can't change back again.
>>
>> Ah --- looking closer at that code, it will chdir *before* checking
>> whether the target file is a symlink, which is probably unnecessarily
>> stupid.  I'm wondering whether we could drop that logic altogether [1],
>> but that won't help you today.
>>
>> I concur with the other person asking why you want to sudo to postgres
>> at all, though.  It's generally safest if the client side isn't running
>> as the same user as the server.
>
> The use case is an install of DefectDojo [2]. I _think_ they are
> taking advantage of the fact that as root, you don't need to
> authenticate because of postgresql's use of domain sockets. (Hat tip
> for that, by the way). The installer code will install packages, setup
> the database, install the DefectDojo programs, etc.

You are not running as root (Postgres won't allow you to do this anyway); you are running as the postgres system user, and the authentication is handled by pg_hba.conf. I'm also betting that if you look at pg_hba.conf it is set up to do peer authentication and hence the need to be the postgres system user. You can obtain a similar result in pg_hba.conf with:

TYPE  DATABASE        USER            ADDRESS                 METHOD
local  all            postgres                                trust

Then you could eliminate the whole sudo dance.

Or set up:

TYPE  DATABASE        USER            ADDRESS                 METHOD
host    postgres      all             <some_host>             scram-sha-256

if you want password protection.


> Jeff
>
> [1] https://www.postgresql.org/message-id/797232.1662075573%40sss.pgh.pa.us
> [2] https://github.com/DefectDojo/godojo




--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
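
Added example (not part of the original message and not PostgreSQL or DefectDojo code): a small Python parser for the kind of pg_hba.conf records discussed above, which states what each record requires a client to prove and lists the records that admit the postgres role with no proof at all. The sample file, the 192.0.2.10/32 address and all function names are constructed for illustration, and the parser assumes CIDR-form addresses.

```python
import shlex
from collections import namedtuple

Rule = namedtuple("Rule", "lineno conn database user address method")

# What a client must prove under each method named in the thread.
PROOF = {
    "trust": "nothing; any client matching the record is accepted",
    "peer": "its OS user name must match the requested database user",
    "scram-sha-256": "knowledge of the role's password (SCRAM exchange)",
}

def parse_hba(text):
    """Parse pg_hba.conf text. Assumes CIDR addresses (no separate netmask column)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if not fields:
            continue
        need = 4 if fields[0] == "local" else 5   # local records have no ADDRESS
        if len(fields) < need:
            raise ValueError(f"line {lineno}: incomplete record")
        conn, db, user = fields[:3]
        addr = None if need == 4 else fields[3]
        rules.append(Rule(lineno, conn, db, user, addr, fields[need - 1]))
    return rules

def covers(user_field, role):
    """True if the USER column names the role directly or through 'all'."""
    return any(u in ("all", role) for u in user_field.split(","))

def no_proof_rules(rules, role="postgres"):
    """Records that admit `role` without the client proving anything."""
    return [r for r in rules if r.method == "trust" and covers(r.user, role)]

def describe(rule):
    where = "unix socket" if rule.conn == "local" else rule.address
    proof = PROOF.get(rule.method, "not covered by this example")
    return f"line {rule.lineno}: {rule.user} -> {rule.database} via {where}: {proof}"

# Constructed sample; the server uses the first record that matches a connection.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       postgres                  trust
local   all       all                       peer
host    postgres  all       192.0.2.10/32   scram-sha-256
"""

if __name__ == "__main__":
    for r in parse_hba(SAMPLE):
        print(describe(r))
    print("no proof needed for postgres:", [r.lineno for r in no_proof_rules(parse_hba(SAMPLE))])
```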
