1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
postgresql for DEBIAN
----------------------
PostgreSQL is the successor to Postgres95, which in turn succeeded
POSTGRES. PostgreSQL is a relational database with object-oriented
extensions. It implements the greater part of SQL-92 and is intended
to implement it in full; in addition it supports its own extended
facilities.
Most of the documentation is in the separate package postgresql-doc.
TAKE SPECIAL NOTE of the instructions in README.Debian.migration
(/usr/share/doc/postgresql/README.Debian.migration.gz) about upgrading your
PostgreSQL system to a later version. Failure to do so could destroy
your data!!!
Version 7.2 was released upstream in February 2002.
Configuration
=============
Configuration of the backend is done by editing the configuration files
/etc/postgresql/postmaster.conf and /etc/postgresql/postgresql.conf.
The environment for the postgres user is automatically set up to
include /etc/postgresql/postgresql.env; this file can be modified to
set the value of PGHOST, for example.
Database access control
=======================
Access control is first of all governed by whether the postmaster uses
the -i option (which allows TCP/IP connections). If this option is
not used, only Unix socket connections are used, which limits access to
processes running on the same machine. Next, the configuration file
/etc/postgresql/pg_hba.conf allows a finer-grained control of access
by user and by host.
As of 7.1release-3, the default access policy for the Debian packages is that
users connecting through Unix sockets are authenticated against their
Unix login names. (That is, they can connect to PostgreSQL
only with names that match their Unix login names.)
Kerberos authorisation is not compiled into this release. +
Speed
=====
To give the maximum possible assurance of data integrity, PostgreSQL,
by default, does an fsync() after some write operation This has an
adverse effect on performance. If you consider that you can rely on
the operating system's regular sync, you can disable PostgreSQL's
fsync and achieve an increase in throughput. The speed difference
is considerably less in 7.1 than in earlier releases and so you
may well not consider it worthwhile to disable fsync() calls.
To disable fsync(), set FSYNC to `off' in /etc/postgresql/postmaster.conf.
In Debian, this option is on by default.
Debian-specific features
========================
There are certain differences between the Debian version of PostgreSQL
and the upstream version. There are two reasons for this. First,
because Debian policy requires certain things to be done in a manner
different from that used by the upstream developers, and second, because
I perceive a difference between a piece of software that is put onto
a machine by an ordinary user and one that is installed, as part of a
distribution, by the system administrator.
1. Environment variables: Debian does not allow packages to depend on users'
setting environment variables. For this reason, certain front-end
programs, especially psql, are run through a wrapper that sets up
the environment. Any variables the user does set will, of course,
be honoured.
2. Default database: the upstream version defaults to a database whose
name is the same as the name of the PostgreSQL user who is trying to
access it. I do not think this is appropriate to a distribution, so
in Debian, the database must be specified on the command line or in
the environment variable PGDATABASE.
3. Initialising the postmaster: the upstream version uses a program called
pg_ctl, that was introduced at release 7.0, to start up and stop the
postmaster. I do not feel that this sits very comfortably with
Debian's way of starting backend processes, so I have continued to use
the procedure I developed for previous versions, whereby
/etc/init.d/postgresql calls postgresql-startup or start-stop-daemon.
I will be borrowing nice features from pg_ctl to incorporate in the
init.d script.
4. Initial environment: Debian stores its setup files in /etc/postgresql.
These files are postmaster.conf, pg_hba.conf and postgresql.env, and any
files referenced by pg_hba.conf. They are self-documented, so you are
advised to leave the comments alone if you edit them. Where necessary,
there are symbolic links to the locations where the upstream code
expects to find them.
5. Location of socket: in previous versions the socket file was located
in /tmp/. It has now been moved to /var/run/postgresql/ so as to avoid
problems with packages such as tmpreaper and to be more consistent
with Debian policy. This location can be altered by setting
UNIX_SOCKET_DIRECTORY in postgresql.conf.
6. Unix socket authentication is provided (authentication type "peer").
This works just like ident, but for Unix sockets; this provides a more
secure method of authentication than ident, and does not require
administrators to run identd on their servers. This authentication
method has been submitted to the upstream developers, but is not
currently part of the upstream release.
Creating users
==============
PostgreSQL has its own list of users, who have no necessary connection
with any particular machine's Unix users.
When PostgreSQL is first installed, only one user exists -- 'postgres',
and the default security settings means that that user can only be accessed
from the Unix login 'postgres'. 'postgres' is the PostgreSQL "superuser",
in that it can do anything inside PostgreSQL, just as root can do anything
in Unix.
To create other users, you must use either the createuser script from
Unix or the CREATE USER command inside PostgreSQL.
Man pages: createuser(1), create_user(7l)
|
