Why Do We Install As Root?

dave.page's picture
Author: Dave Page
09/11/2018

A couple of common questions I hear from customers (usually long-time users of a particular database from Redwood) via our guys in the field is “why do we install our software as root?” And “why do we run services as postgres?”. The simple, TLDR; answer is “for security”.

A basic principle when securing a software installation is “install with maximum privilege requirements and run with minimal”. In practice, this equates to having software being installed and binaries/executables etc. owned by the root user, whilst the services themselves are actually run under a minimally privileged (and ideally dedicated) service user account, typically postgres in a PostgreSQL installation. Data files and any other files that need to be modified by the software in normal operation are also owned by the service user account.

Continue reading on PostgresRocks to learn more. >>

 

Every #TechTuesday, EnterpriseDB shares a how-to post authored by a Postgres contributor and expert for Postgres Gems, the PostgresRocks community forum. PostgresRocks is a community to discuss all things Postgres. Join us at PostgresRocks and be part of the conversation.