[pgpool-hackers: 3452] Pgpool-II default startup user
Bo Peng
pengbo at sraoss.co.jp
Thu Oct 10 10:57:16 JST 2019
Hi all,
I made a patch to make the pgpool started using "postgres" user by default.
Currently the Pgpool-II startup user is "root" user.
Because of the security reason, startup Pgpool-II
using non-root user is recommended.
For this reason, I modified "pgpool.service" file to start
Pgpool using "postres" user, and allow "postrges" user to
run "if_up/down_cmd" and "arping_cmd" with sudo without a password.
The default setting of "if_up/down_cmd" and "arping_cmd" is changed:
if_up_cmd = '/usr/bin/sudo /sbin/ip addr add $_IP_$/24 dev enp0s8 label enp0s8:0'
if_down_cmd = '/usr/bin/sudo /sbin/ip addr del $_IP_$/24 dev enp0s8'
arping_cmd = '/usr/bin/sudo /usr/sbin/arping -U $_IP_$ -w 1 -I enp0s8'
This patch also changes all of the config files permission to 600.
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_up_down_cmd_v1.patch
Type: application/octet-stream
Size: 25548 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20191010/5ac88e4a/attachment-0001.obj>
More information about the pgpool-hackers
mailing list