On Tue, October 28, 2008 05:57, Tom Lane wrote: > Sam Mason <sam@xxxxxxxxxxxxx> writes: >> On Tue, Oct 28, 2008 at 10:42:47AM +0100, Thomas wrote: >>> An easy trick I have found to set postgres password: $ sudo passwd >>> postgres, and now you can type a new password. So now you can switch >>> user with: $ su postgres, and then connect to the DB with psql. > >> Won't that allow logins to the postgres account then? > > True, but that might be safer overall than giving out sudo privileges. > If the sysadmin and the DBA are the same person it hardly matters, > but if you want the DBA to not have root, then giving him a password for > the postgres account is the best way. So it all depends on your > local situation ... > > regards, tom lane > Wouldn't it be better to add the line 'sudo su - postgres' as the entry (command) for the user(s) in the sudoers file? This would specifically limit the user(s) to only being able to change to the postgres user's context. I think this goes to overall system security, just like the security methods wrapped around PostgreSQL itself. Weakening system security is no different than weakening access to the database. Tim -- Timothy J. Bruce Registered Linux User #325725 -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
