[pgpool-hackers: 3453] Re: Pgpool-II default startup user

[Bo Peng]

> The default setting of "if_up/down_cmd" and "arping_cmd" is changed:
> 
>     if_up_cmd = '/usr/bin/sudo /sbin/ip addr add $_IP_$/24 dev enp0s8 label enp0s8:0'
>     if_down_cmd = '/usr/bin/sudo /sbin/ip addr del $_IP_$/24 dev enp0s8'
>     arping_cmd = '/usr/bin/sudo /usr/sbin/arping -U $_IP_$ -w 1 -I enp0s8'

If if_up/down_cmd or arping_cmd starts with "/", 
the setting specified in "if_cmd_path" or "arping_path" will be ignored. 

On Thu, 10 Oct 2019 10:57:16 +0900
Bo Peng <pengbo at sraoss.co.jp> wrote:

> Hi all,
> 
> I made a patch to make the pgpool started using "postgres" user by default.
> 
> Currently the Pgpool-II startup user is "root" user.
> Because of the security reason, startup Pgpool-II 
> using non-root user is recommended.
> 
> For this reason, I modified "pgpool.service" file to start
> Pgpool using  "postres" user, and allow "postrges" user to 
> run "if_up/down_cmd" and "arping_cmd" with sudo without a password.
> 
> The default setting of "if_up/down_cmd" and "arping_cmd" is changed:
> 
>     if_up_cmd = '/usr/bin/sudo /sbin/ip addr add $_IP_$/24 dev enp0s8 label enp0s8:0'
>     if_down_cmd = '/usr/bin/sudo /sbin/ip addr del $_IP_$/24 dev enp0s8'
>     arping_cmd = '/usr/bin/sudo /usr/sbin/arping -U $_IP_$ -w 1 -I enp0s8'
> 
> 
> This patch also changes all of the config files permission to 600.
> 
> -- 
> Bo Peng <pengbo at sraoss.co.jp>
> SRA OSS, Inc. Japan


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan