Why is there a shell given to user for PostgreSQL?
Solution 1
There is a shell because we use PostgreSQL from the command line as the PostgreSQL user.
Solution 2
If a server admin uses sudo
and is not careful about what environment and and umask this results in, working on the database may end up creating files in unintended locations or with unintended permissions.
Assigning a shell to the user enables admins to login as postgres and do the work on that users shell. Figuring out sudo
as the source of unspecific server error messages would be too much of a headache.
If you do not need this, and are certain that you will never call postgres binaries in such error-prone way you can safely remove the shell:
usermod --shell /bin/false postgres
Keep in mind that, beign able to become root, you can still become anyone, including users without valid shells:
su --shell /bin/bash postgres
Authoritative source:
Sometimes you want to log in as that user to be able to do certain types of special administration or fixes. For example, if you ever need to run pg_resetxlog, you probably want to be logged in as postgres, unless you are very confident that your su or sudo invocations are correct and don't mess up the permissions of the database directory in strange ways. -- Peter Eisentraut, PostgreSQL dev
Solution 3
Postgres runs under a special operating system user account for security reasons. This account is created on your machine when the installer runs, and unless overridden on the command line, it will be called "postgres".
On Unix-like operating systems such as Linux and Mac OS X, the account is setup without a password and users generally never need to worry about it again. Source.
Also it's not a good practice to edit the passwd file manually. You should use the command:
sudo passwd postgres
Related videos on Youtube
Chen
Updated on September 18, 2022Comments
-
Chen over 1 year
cat /etc/passwd |grep postgre
postgres:x:115:127:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
apt-cache show postgresql
Package: postgresql Priority: optional Section: database Installed-Size: 65 Maintainer: Ubuntu Developers <[email protected]> Original-Maintainer: Debian PostgreSQL Maintainers <[email protected]> Architecture: all Source: postgresql-common (136) Version: 9.1+136 Depends: postgresql-9.1 Filename: pool/main/p/postgresql-common/postgresql_9.1+136_all.deb Size: 5468 MD5sum: 34f5a1373ad5cd0b6f5aa3e7af06c9e7 SHA1: 6f271758bd51c23614b12fd63fb711ecfa43e9e5 SHA256: e8921a22b560e81f57a2a00001e31ba1036f67a8e7f151bf8f977b4919fc559a
Can I replace that
/bin/bash
with/bin/false
?-
Chen over 11 years@Jorge Castro my question is, why is there a shell for PostgreSQL's user, not why there is there a user for PostgreSQL.. because I have seen other users such as MySQL did not required it.
-
-
Chen over 11 yearsThen, We did not use MySQL as the MySQL user right? I guess may that user was used for internally system, This means I should not remove that
/bin/bash
for keep my PostgreSQL running correctly.. Thanks you anyway! -
arielf over 5 yearsThis answer is better than the accepted answer. There's no need for a login shell to be able to run commands as a certain user (for that sudo would do). Many Ubuntu subsystems have /bin/false or /usr/sbin/nologin as their login shell and they work just fine, while not opening up new ways to remotely access a system.