Ticket #14083 (new enhancement)
compatibility improvement for postgresql82-server
| Reported by: | apinstein@… | Owned by: | mww@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.6.0 |
| Keywords: | Cc: | jwa@…, Jonathan.Beall@… | |
| Port: | postgresql82-server |
Description (last modified by jmpp@…) (diff)
For starting/stopping the server, you should do:
instead of
su postgres -c "${PGCTL} -D ${POSTGRESQL82DATA:=/opt/local/var/db/postgresql82/defaultdb} start -l /opt/local/var/log/postgresql82/postgres.log"
do
sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' | ${LOGUTIL} '${PGLOG}' ${ROTATESEC} &"
The latter is the postgresql way now, and doesn't require the "postgres" user to have a login shell, which is more secure.
Also, when creating the "postgresql" user, set the shell to /usr/bin/false.
Change History
comment:1 Changed 5 years ago by jmpp@…
- Type changed from defect to enhancement
- Description modified (diff)
- Milestone set to Port Enhancements
comment:2 Changed 5 years ago by ryandesign@…
- Owner changed from macports-tickets@… to mww@…
- Cc jwa@… added
Sounds like a good idea. Assigning to / Cc'ing maintainer.
comment:3 Changed 5 years ago by apinstein@…
Thanks! Yeah, for what it's worth, we discovered this when installing macports postgres on a box where a different postgres had already been installed from source and installed according to the postgres instructions. So the system already had a "postgres" user with no shell, and the MacPorts postgres wouldn't run. The su vs sudo thing didn't cause any error messages to be shown, either, so it took a few hours to realize what was going on. Hopefully this will help save others some time and be more secure.
comment:4 Changed 5 years ago by apinstein@…
OH also one more thing, will this info make it into the other postgresql8x ports? Or do I need to report the bug there as well...