compatibility improvement for postgresql82-server

[apinstein@…]

For starting/stopping the server, you should do:

instead of

  su postgres -c "${PGCTL} -D ${POSTGRESQL82DATA:=/opt/local/var/db/postgresql82/defaultdb} start -l /opt/local/var/log/postgresql82/postgres.log"

do

  sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' | ${LOGUTIL} '${PGLOG}' ${ROTATESEC} &"

The latter is the postgresql way now, and doesn't require the "postgres" user to have a login shell, which is more secure.

Also, when creating the "postgresql" user, set the shell to /usr/bin/false.

[ryandesign (Ryan Carsten Schmidt)]

Sounds like a good idea. Assigning to / Cc'ing maintainer.

[apinstein@…]

Thanks! Yeah, for what it's worth, we discovered this when installing macports postgres on a box where a different postgres had already been installed from source and installed according to the postgres instructions. So the system already had a "postgres" user with no shell, and the MacPorts postgres wouldn't run. The su vs sudo thing didn't cause any error messages to be shown, either, so it took a few hours to realize what was going on. Hopefully this will help save others some time and be more secure.

[apinstein@…]

OH also one more thing, will this info make it into the other postgresql8x ports? Or do I need to report the bug there as well...

[(none)]

Milestone Port Enhancements deleted

[blb@…]

Cc reporter of dup #19972.

[mf2k (Frank Schima)]

See #53012.