[pgpool-hackers: 3455] Re: Pgpool-II default startup user
Bo Peng
pengbo at sraoss.co.jp
Thu Oct 10 13:24:42 JST 2019
On Thu, 10 Oct 2019 11:19:43 +0900 (JST)
Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> > Hi all,
> >
> > I made a patch to make the pgpool started using "postgres" user by default.
> >
> > Currently the Pgpool-II startup user is "root" user.
> > Because of the security reason, startup Pgpool-II
> > using non-root user is recommended.
> >
> > For this reason, I modified "pgpool.service" file to start
> > Pgpool using "postres" user, and allow "postrges" user to
> > run "if_up/down_cmd" and "arping_cmd" with sudo without a password.
> >
> > The default setting of "if_up/down_cmd" and "arping_cmd" is changed:
> >
> > if_up_cmd = '/usr/bin/sudo /sbin/ip addr add $_IP_$/24 dev enp0s8 label enp0s8:0'
> > if_down_cmd = '/usr/bin/sudo /sbin/ip addr del $_IP_$/24 dev enp0s8'
> > arping_cmd = '/usr/bin/sudo /usr/sbin/arping -U $_IP_$ -w 1 -I enp0s8'
> >
> >
> > This patch also changes all of the config files permission to 600.
>
> I think you need to change src/config/pool_config_variable.c as well
> since the default values for the variables are also appearing in the
> file.
Yes. I fixed that.
Patch is attached.
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_up_down_cmd_v2.patch
Type: application/octet-stream
Size: 26584 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20191010/345ab6ca/attachment-0001.obj>
More information about the pgpool-hackers
mailing list