owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE. Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres. The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
#
#
# IDENTIFICATION
-# $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.25 2001/09/29 03:09:32 momjian Exp $
+# $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.25.2.1 2004/10/22 00:24:39 tgl Exp $
#
#-------------------------------------------------------------------------
po_path="$PGPATH/postmaster"
+if [ `$PGPATH/pg_id -u` -eq 0 ]
+then
+ echo "$CMDNAME: cannot be run as root" 1>&2
+ echo "Please log in (using, e.g., \"su\") as the (unprivileged) user that will" 1>&2
+ echo "own the server process." 1>&2
+ exit 1
+fi
+
wait=
wait_seconds=60
logfile=
projects / postgresql.git / commitdiff