Package: postgresql-common
Version: 6
Severity: important
Tags: experimental
Greetings,
pg_ctlcluster has a rather serious flaw- it doesn't, and can't
apparently from perl (amazing as that is...) call initgroups(). This
means that if you want to have Postgres use PAM and pam_unix and
/etc/shadow to authenticate users, it can't. This is because perl
doesn't call initgroups() after the setuid() change and so postmaster
never ends up with shadow permissions, even if it's in the shadow
group in /etc/groups.
This will break anyone who's currently using PostgreSQL w/ pam_unix, a
rather ugly setup but not at all uncommon. A quick hack that I did
was to just add '. "42";' to the $( = $) = blah line. I suppose you
could fix this by doing a getgrnam and then doing the $( = $) stuff
for the appropriate groups. Somewhat ugly but then I don't believe
perl gives you any other options.
Be really nice to have this fixed... :)
Thanks,
Stephen
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
