[CentOS] PostgreSQL/SELinux Error - relation "pg_catalog.pg_user" does not exist
Les Mikesell
lesmikesell at gmail.com
Tue May 24 15:16:55 UTC 2005
On Tue, 2005-05-24 at 09:25, Peter Farrow wrote:
> This line
> " It makes 0700 the same as 0770. "
>
> in the context of one group per user makes perfect sense to me......
>
> What John is getting at is that if one user is assigned their own
> individual group, then the concept of groups for security granularity is
> negated which essentially removes the middle part of the unix
> permissions syntax as the group and user are one and the same, so 0700
> is 0770, and in this instance your comment "0700 is and will always be
> different from 0770" does not apply.... you are right in that 0700 is
> different to 0770 but the security upshot is the same if each user has
> their own unique group and in that scenario there is no functional
> difference between 0700 and 0770.
>
> This is the essence of John's statement which I think you may have
> missed....
But everyone seems to be missing the real point, which is that if
everyone is in a unique group, you can make everything owned by the
user also group accessible by default without changing anything.
Then when you do want someone to have access, all you have to do
is add them to your group. In the pre-RedHat world you also had to
go change the group and modes of all your files and change your
umask after you realized that sharing is useful. And, of course if
you restored anything from backups, it would come back wrong.
None of this changes what you can do with other groups.
--
Les Mikesell
les at futuresource.com
More information about the CentOS
mailing list