0

I've searched, what I thought to be relatively thoroughly, and was unable to find a previously asked similar question. My apologies ahead of time if I missed a duplicate question.

I have set up a Postgresql database on RHEL 7 at my work but have run into an issue. Whenever this server restarts it completely blows away the postgres user and the related group as a result of my company's security policy. In order to get around this I'll need to create a service account (in VDS, please see below) and ensure it has the appropriate permissions. So my questions are:

1) Is it possible the change the default user utilized to start up the postgres service? 2) What permissions would be needed for this? Just ownership of the associated executable? Would I need to change ownership of the data folder?

Any and all help is appreciated!

Thanks!

UPDATE: By service account I mean a company definition. Basically a non user account that would be in our virtual directory service. They have specific naming conventions so I don't think I could just request postgres. I'll need to tell the VDS people the permissions this user should have on this box and then make sure this user is the assigned one to initiate the service on start up.

Ron
  • 1
  • 1
  • 1
    The postgres user _is_ already a service account. What more do they want?! – Michael Hampton Feb 14 '18 at 20:35
  • My apologies when I meant service account I meant a company definition. Basically a non user account that would be in our virtual directory service. They have specific naming conventions so I don't think I could just request postgres from them although I may try :) – Ron Feb 14 '18 at 20:48
  • It would be much easier for everyone for them to make their service account named postgres, as the postgres packages always expect to use this username. Trying to rename this involves possibly hours of additional avoidable work every time there is an installation or (security) update. – Michael Hampton Feb 14 '18 at 20:55
  • I'll let you know what they say. *fingers crossed* – Ron Feb 14 '18 at 20:59
  • Security is fine, but the naming convention provides no security benefit whatsoever. In principle there's no _reasonable_ security related reason why the account should not be named postgres. But I'm sure your company has someone who can come up with _unreasonable_ ones. Push back hard. – Michael Hampton Feb 14 '18 at 21:01
  • Ticket has been entered so now I wait :). Thanks for the feedback/help. – Ron Feb 14 '18 at 21:04

0 Answers0