[Pkg-postgresql-private] Re: Bug#256194: postgresql: init.d script dont't work without shell
Martin Pitt
martin@piware.de
Sat, 10 Jul 2004 01:13:02 +0200
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi!
On 2004-06-25 13:23 +0200, reportbug@G-B.it wrote:
> For security reson I'm changing the shell for the user postgres to "/bin/=
false"
> Now /etc/init.d/postgresql script don't fire-up postmaster.=20
> My solution to the problem is:
>=20
> root@Argo:~# diff /etc/init.d/postgresql /etc/init.d/postgresql.dpkg-new
> 21,24c21
> < # /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid --chu=
id postgres --startas /usr/lib/postgresql/bin/postgresql-startup --start
> < /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid \
> < --startas /bin/su --start -- \
> < -s /bin/sh -c /usr/lib/postgresql/bin/postgresql-startup =
- postgres
> ---
> > /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid --chui=
d postgres --startas /usr/lib/postgresql/bin/postgresql-startup --start
Does anybody see any problem with this patch? IMHO it looks
reasonable. I don't really see the benefit of setting postgres' shell
to false since postgres cannot directly login anyway, but OTOH the
thing above does not hurt.
Thanks,
Martin
--=20
Martin Pitt Debian GNU/Linux Developer
martin@piware.de mpitt@debian.org
http://www.piware.de http://www.debian.org
--IJpNTDwzlM2Ie8A6
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org
iD8DBQFA7yZ+DecnbV4Fd/IRAg11AJkBqeT6G8/sULAY4+x3+ZNGoWc5BwCfWMFm
N4tfSZGrSjf8LWZP60oTqAw=
=oOvw
-----END PGP SIGNATURE-----
--IJpNTDwzlM2Ie8A6--