[MacPorts] #14083: compatibility improvement for postgresql82-server
#14083: compatibility improvement for postgresql82-server -------------------------------+-------------------------------------------- Reporter: apinstein@mac.com | Owner: macports-tickets@lists.macosforge.org Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.6.0 Keywords: | -------------------------------+-------------------------------------------- For starting/stopping the server, you should do: instead of su postgres -c "${PGCTL} -D ${POSTGRESQL82DATA:=/opt/local/var/db/postgresql82/defaultdb} start -l /opt/local/var/log/postgresql82/postgres.log" do sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' | ${LOGUTIL} '${PGLOG}' ${ROTATESEC} &" The latter is the postgresql way now, and doesn't require the "postgres" user to have a login shell, which is more secure. Also, when creating the "postgresql" user, set the shell to /usr/bin/false. -- Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/14083> MacPorts </projects/macports> Ports system for Mac OS
#14083: compatibility improvement for postgresql82-server --------------------------------+------------------------------------------- Reporter: apinstein@mac.com | Owner: macports-tickets@lists.macosforge.org Type: enhancement | Status: new Priority: Normal | Milestone: Port Enhancements Component: ports | Version: 1.6.0 Resolution: | Keywords: --------------------------------+------------------------------------------- Changes (by jmpp@macports.org): * type: defect => enhancement * milestone: => Port Enhancements Old description:
For starting/stopping the server, you should do:
instead of
su postgres -c "${PGCTL} -D ${POSTGRESQL82DATA:=/opt/local/var/db/postgresql82/defaultdb} start -l /opt/local/var/log/postgresql82/postgres.log"
do sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' | ${LOGUTIL} '${PGLOG}' ${ROTATESEC} &"
The latter is the postgresql way now, and doesn't require the "postgres" user to have a login shell, which is more secure.
Also, when creating the "postgresql" user, set the shell to /usr/bin/false.
New description: For starting/stopping the server, you should do: instead of {{{ su postgres -c "${PGCTL} -D ${POSTGRESQL82DATA:=/opt/local/var/db/postgresql82/defaultdb} start -l /opt/local/var/log/postgresql82/postgres.log" }}} do {{{ sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' | ${LOGUTIL} '${PGLOG}' ${ROTATESEC} &" }}} The latter is the postgresql way now, and doesn't require the "postgres" user to have a login shell, which is more secure. Also, when creating the "postgresql" user, set the shell to `/usr/bin/false`. -- Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/14083#comment:1> MacPorts </projects/macports> Ports system for Mac OS
#14083: compatibility improvement for postgresql82-server --------------------------------+------------------------------------------- Reporter: apinstein@mac.com | Owner: mww@macports.org Type: enhancement | Status: new Priority: Normal | Milestone: Port Enhancements Component: ports | Version: 1.6.0 Resolution: | Keywords: --------------------------------+------------------------------------------- Changes (by ryandesign@macports.org): * cc: jwa@macports.org (added) * owner: macports-tickets@lists.macosforge.org => mww@macports.org Comment: Sounds like a good idea. Assigning to / Cc'ing maintainer. -- Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/14083#comment:2> MacPorts </projects/macports> Ports system for Mac OS
#14083: compatibility improvement for postgresql82-server --------------------------------+------------------------------------------- Reporter: apinstein@mac.com | Owner: mww@macports.org Type: enhancement | Status: new Priority: Normal | Milestone: Port Enhancements Component: ports | Version: 1.6.0 Resolution: | Keywords: --------------------------------+------------------------------------------- Comment (by apinstein@mac.com): Thanks! Yeah, for what it's worth, we discovered this when installing macports postgres on a box where a different postgres had already been installed from source and installed according to the postgres instructions. So the system already had a "postgres" user with no shell, and the MacPorts postgres wouldn't run. The su vs sudo thing didn't cause any error messages to be shown, either, so it took a few hours to realize what was going on. Hopefully this will help save others some time and be more secure. -- Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/14083#comment:3> MacPorts </projects/macports> Ports system for Mac OS
#14083: compatibility improvement for postgresql82-server --------------------------------+------------------------------------------- Reporter: apinstein@mac.com | Owner: mww@macports.org Type: enhancement | Status: new Priority: Normal | Milestone: Port Enhancements Component: ports | Version: 1.6.0 Resolution: | Keywords: --------------------------------+------------------------------------------- Comment (by apinstein@mac.com): OH also one more thing, will this info make it into the other postgresql8x ports? Or do I need to report the bug there as well... -- Ticket URL: <http://trac.macosforge.org/projects/macports/ticket/14083#comment:4> MacPorts </projects/macports> Ports system for Mac OS
participants (1)
-
MacPorts