[Pkg-postgresql-private] Re: Bug#256194: postgresql: init.d script dont't work without shell
Andreas Schuldei
andreas@schuldei.org
Fri, 16 Jul 2004 22:09:31 +0200
* Martin Pitt (martin@piware.de) [040710 01:14]:
> Hi!
>
> On 2004-06-25 13:23 +0200, reportbug@G-B.it wrote:
> > For security reson I'm changing the shell for the user postgres to "/bin/false"
> > Now /etc/init.d/postgresql script don't fire-up postmaster.
> > My solution to the problem is:
> >
> > root@Argo:~# diff /etc/init.d/postgresql /etc/init.d/postgresql.dpkg-new
> > 21,24c21
> > < # /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid --chuid postgres --startas /usr/lib/postgresql/bin/postgresql-startup --start
> > < /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid \
> > < --startas /bin/su --start -- \
> > < -s /bin/sh -c /usr/lib/postgresql/bin/postgresql-startup - postgres
> > ---
> > > /sbin/start-stop-daemon --pidfile $PGDATA/postmaster.pid --chuid postgres --startas /usr/lib/postgresql/bin/postgresql-startup --start
>
> Does anybody see any problem with this patch? IMHO it looks
> reasonable. I don't really see the benefit of setting postgres' shell
> to false since postgres cannot directly login anyway, but OTOH the
> thing above does not hurt.
wasnt that the change we made to work around the non-executable
files in /tmp (invoking sh instead of the script)?
this patch would re-introduce that bug.