Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA00929; Fri, 8 Nov 91 03:51:53 -0800
Date: Fri, 8 Nov 91 03:51:53 -0800
Message-Id: <9111081151.AA00929@postgres.Berkeley.EDU>
From: tom@izf.tno.nl (Tom Vijlbrief)
Subject: Re: Postgres security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu



	Hi,

	I've just installed postgres on a Sun and I'm looking at the possibility of
	using postgres as a database server for an user accounting system I'm
	writing. I built libpq on a Convex 3220 and I wrote a sample program on
	the Convex to access a demo database on the Sun. Everything works great.

	My question is: Does postgres do any kind of security checks to prevent
	unauthorized users from accessing another users database. There did not
	appear to be anykind of checks to prevent me from reading the database on
	the Sun.

A related problem is the filemodes in the data/base directories.

File modes used to be 755 (directory) and 600 (files) in older versions
as I remember correctly.

Today:

drwxrwxrwx  2 postgres     1536 Nov  8 12:08 ./
drwxr-xr-x  8 postgres      512 Nov  7 14:43 ../
-rw-rw-rw-  1 postgres    32768 Nov  8 12:07 .nfs7B21
-rw-rw-rw-  1 postgres    32768 Nov  8 12:07 .nfs8B21
-rw-rw-rw-  1 postgres    16384 Nov  8 12:08 .nfs9B21
-rw-rw-rw-  1 postgres    16384 Nov  8 12:08 .nfsAB21
-rw-r--r--  1 postgres        4 Oct  7 09:59 PG_VERSION
-rw-rw-rw-  1 postgres        0 Nov  8 12:07 ap_529408
-rw-rw-rw-  1 postgres        0 Oct 15 16:27 bigcity
-rw-rw-rw-  1 postgres   122880 Oct  7 13:55 borders
-rw-rw-rw-  1 postgres    24576 Oct  7 12:33 bordersindex
-rw-rw-rw-  1 postgres    40960 Oct 15 16:09 bordersmap
-rw-rw-rw-  1 postgres    24576 Oct 15 14:39 bordersmapindex
-rw-rw-rw-  1 postgres   147456 Oct 29 06:45 cities
-rw-rw-rw-  1 postgres   270336 Nov  8 10:55 col1
-rw-rw-rw-  1 postgres        0 Oct 15 16:27 distview
-rw-rw-rw-  1 postgres     8192 Oct 19 06:45 dynamic
-rw-rw-rw-  1 postgres     8192 Nov  8 12:07 geo_active_apr
-rw-rw-rw-  1 postgres     8192 Nov  8 12:07 geo_ap
-rw-rw-rw-  1 postgres     8192 Oct  7 13:54 geo_colors
-rw-rw-rw-  1 postgres     8192 Nov  1 06:45 geo_dyninfo
-rw-rw-rw-  1 postgres    16384 Oct  7 13:55 geo_icons
 
and

-rw-r--r--  1 postgres    32768 Nov  8 12:07 pg_class
-rw-r--r--  1 postgres     8192 Oct 31 06:45 pg_index
-rw-r--r--  1 postgres        0 Oct  7 09:59 pg_inheritproc
-rw-r--r--  1 postgres     8192 Oct 15 16:09 pg_inherits
-rw-r--r--  1 postgres     8192 Oct 15 16:09 pg_ipl
-rw-r--r--  1 postgres     8192 Oct  7 13:54 pg_language
-rw-r--r--  1 postgres     8192 Oct  7 13:54 pg_opclass
-rw-r--r--  1 postgres    24576 Oct 16 06:45 pg_operator
-rw-r--r--  1 postgres     8192 Oct  7 13:54 pg_parg
-rw-r--r--  1 postgres        0 Oct  7 09:59 pg_platter
-rw-r--r--  1 postgres        0 Oct  7 09:59 pg_plmap
-rw-r--r--  1 postgres    40960 Oct 16 06:45 pg_proc

So system relations are ok (created by createdb) but user relations
(created by create) are incorrect....


Tom