[CentOS] PostgreSQL 8.1 on CentOS4

Lamar Owen lowen at pari.edu
Sat Nov 19 01:37:30 UTC 2005 

On Friday 18 November 2005 16:41, Sam Drinkard wrote:
> James B. Byrne wrote:
> >I have discovered that the default init script distributed with
> >pgsql v8.1 sets the listening port to 5432 but does not enable
> >tcp/ip connections.  One must add the -i switch to the invocation
> >line in the script.

As one of the authors of that initscript, I can state with certainty that is 
is intentional and by design.  (See Craig's followups for why; you nailed the 
reasons, Craig).

> >I am not sure if this is an oversight or 
> >whether there is another way to tell postmaster to start with
> >tcp/ip listening enabled that I am unaware of.

This has already been answered in this thread.  Previously, the tcpip_socket 
parameter was used, but was changed (CVSweb for 
src/backend/utils/misc/postgresql.conf.sample):
++++++++++++++++++++++
 Revision 1.109: download - view: text, markup, annotated - select for diffs
Tue Mar 23 01:23:48 2004 UTC (19 months, 4 weeks ago) by tgl
Branches: MAIN
Diff to previous 1.108: preferred, colored
Changes since revision 1.108: +3 -3 lines

Replace the virtual_host and tcpip_socket parameters with a unified
listen_addresses parameter, as per recent discussion.  The default behavior
is now to listen on localhost, which eliminates the need for the -i
postmaster switch in many scenarios.

Andrew Dunstan
++++++++++++++++++++++

> >However, I thought 
> >that this information might be of interest to anyone else running a
> >non-distro version of pgsql.

This is true for the distro versions after the above mentioned change.  

Note that the CentOS default 7.4 PostgreSQL uses tcpip_socket instead of 
listen_addresses, but that the default initscript still doesn't start 
postmaster with a -i.

> Jim, also be aware that there is a non-password login from root on that
> distro, as well as the CentOS version.  I found out the hard way after
> being compromised by some idiot portscanning me.  No damage, but thought
> it odd to have a password-less service open to the world.

This is why -i was made non-default back in PostgreSQL 6.5 days.  If the 
postgres database superuser were to be created by default with a password, 
then that password would also be well-known (search the pgsql-hackers list 
archives for some of the many discussions on this topic from the past).  
Thus, the PostgreSQL developers (myself included once I became RPM 
maintainer) decided to make TCP/IP listening not the default (it was already 
the default in the tarball distribution, and I decided to continue this in 
the RPM).  This behavior is now different as of version 8 due to 
listen_addresses (see Andrew's comment in the CVS log entry above), as now it 
defaults to listening on localhost only (fixing the most common instance of a 
local php process accessing localhost:5432).

You will find me (at one of my other e-mail addresses) listed in many of those 
files, and at http://www.postgresql.org/developer/bios so this is one area I 
actually know a little about.  Not a lot; but a little nonetheless.
-- 
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu

More information about the CentOS mailing list