From 37e55354334fc1ee86a3a3478d8e4a337c340959 Mon Sep 17 00:00:00 2001 From: Bruce Momjian <bruce@momjian.us> Date: Wed, 28 Nov 2001 00:13:30 +0000 Subject: [PATCH] Add mention of init -W flag for security. --- doc/src/sgml/runtime.sgml | 49 +++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 18 deletions(-) diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index c694cfc7555..8e37930a6e4 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.97 2001/11/21 06:09:45 thomas Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.98 2001/11/28 00:13:30 momjian Exp $ --> <Chapter Id="runtime"> 
@@ -51,28 +51,28 @@ $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.97 2001/11/21 06:09:45 tho <para> Before you can do anything, you must initialize a database storage - area on disk. We call this a <firstterm>database - cluster</firstterm>. (<acronym>SQL</acronym> speaks of a catalog - cluster instead.) A database cluster is a collection of databases - that will be accessible through a single instance of a running - database server. After initialization, a database cluster will - contain one database named <literal>template1</literal>. As the - name suggests, this will be used as a template for any subsequently - created database; it should not be used for actual work. + area on disk. We call this a <firstterm>database cluster</firstterm>. + (<acronym>SQL</acronym> speaks of a catalog cluster instead.) A + database cluster is a collection of databases that will be accessible + through a single instance of a running database server. After + initialization, a database cluster will contain one database named + <literal>template1</literal>. As the name suggests, this will be used + as a template for any subsequently created database; it should not be + used for actual work. </para> <para> In file system terms, a database cluster will be a single directory - under which all data will be stored. We call this the - <firstterm>data directory</firstterm> or <firstterm>data - area</firstterm>. It is completely up to you where you choose to - store your data, there is no default, although locations such as + under which all data will be stored. We call this the <firstterm>data + directory</firstterm> or <firstterm>data area</firstterm>. It is + completely up to you where you choose to store your data, there is no + default, although locations such as <filename>/usr/local/pgsql/data</filename> or - <filename>/var/lib/pgsql/data</filename> are popular. 
To initialize - a database cluster, use the command <command>initdb</command>, - which is installed with <productname>PostgreSQL</productname>. The - desired file system location of your database system is indicated - by the <option>-D</option> option, for example + <filename>/var/lib/pgsql/data</filename> are popular. To initialize a + database cluster, use the command <command>initdb</command>, which is + installed with <productname>PostgreSQL</productname>. The desired + file system location of your database system is indicated by the + <option>-D</option> option, for example <screen> > <userinput>initdb -D /usr/local/pgsql/data</userinput> </screen> @@ -118,6 +118,19 @@ postgres> <userinput>initdb -D /usr/local/pgsql/data</userinput> permissions from everyone but the <productname>PostgreSQL</productname> user account. </para> + <para> + However, while the directory contents are secure, the default + <filename>pg_hba.conf</filename> authentication of + <literal>trust</literal> allows any local user to become the + superuser and connect to the database. If you don't trust your local + users, we recommend you use the <command>initdb</command> option + <option>-W</option> or <option>--pwprompt</option> to assign a + password to the superuser and modify your + <filename>pg_hba.conf</filename> accordingly. (Another option: + Your operating system may support <literal>ident</literal> for + local connections.) + </para> + <para> <indexterm><primary>LC_COLLATE</></> One surprise you might encounter while running <command>initdb</command> is -- GitLab
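Review bot: The two paragraphs in the @@ -51,28 +51,28 @@ hunk are only re-wrapped, with no wording change, and that reflow accounts for most of the 31 insertions and 18 deletions, burying the one substantive addition further down. Consider committing the reflow separately so the security note is easy to find in history. If these lines are being touched anyway, "It is completely up to you where you choose to store your data, there is no default" is a comma splice that could be fixed in the same pass.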
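Review bot: In the paragraph added by the @@ -118,6 +118,19 @@ hunk, "modify your pg_hba.conf accordingly" leaves the decisive step unstated. The paragraph itself says the default authentication is trust, and under trust a password assigned with -W or --pwprompt is never asked for, so a reader who runs initdb -W and stops there keeps exactly the exposure being warned about. Suggest saying explicitly that the trust entries in pg_hba.conf must be changed to a password-based method (or ident, per the parenthetical) before the server is started, and that the password option alone does not restrict access. Minor wording: "allows any local user to become the superuser and connect to the database" would read more clearly as "allows any local user to connect to the database as the superuser".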