< Zurück | Inhalt | Weiter >

14.9.1 Installing PostgreSQL

The simplest way to install PostgreSQL is to use precompiled binary packages. RedHat and Fedora have RPM packages for installing the database and client software (although neither distributes the client libraries for Java due to licens- ing issues with Java itself). The PostgreSQL project produces RPM packages of their own, including the Java JDBC class library. Those might be your easiest course. Debian packages for PostgreSQL exist, but again, they do not provide the JDBC library.

For our purposes, we are going to assume that you have downloaded and installed the following RPM packages9 from the PostgreSQL Download page:10

postgresql-server

postgresql-devel

postgresql-jdbc

postgresql-docs (optional)



image

9. If you are a user of Debian or another Debian-based Linux distribution, you should be aware that there is a Debian package called alien, which can install and manage RPM packages on a Debian system.

10. http://www.postgresql.org/mirrors-ftp.php

image

14.9 Setting Up PostgreSQL for BudgetPro 323

14.9.2 Creating a postgres User

More than likely, installing a PostgreSQL package will create a new Linux user called postgres on your system. This is not a login account; it will be used by the database server process daemon11 (called “postmaster,” lest you think that it might be an e-mail server or something). Furthermore, only the postgres user is able to create additional database users or any databases.

Obviously, we won’t want it to be like this forever. It has the same prob- lem as the root user on the OS itself: There’s one magic user with all the power. You’ll need to create additional users and you’ll want to limit what they can do. How to do it?

First off, you can’t log in as postgres, so you will have to become root

and then su to the postgres user:


[mschwarz@cassidy mschwarz]$ su - Password:

[root@cassidy root]# su - postgres

-bash-2.05b$


Note that postgres didn’t have any profile or rc script to set up prompts or anything.

All PostgreSQL databases have owning users, in much the same way that all Linux files have owning users. But PostgreSQL users are not necessarily the same as Linux users.12 The only PostgreSQL user that exists “out of the box” is postgres. You must use the createuser command-line utility (or the equivalent SQL) to create a user. Here’s an example:


image

11. Historically, daemon processes on UNIX systems used to be run as root. But a program error in a daemon would allow a malicious user to execute code as the owner of the process. If that owner is root, one programming mistake in a server process could give an attacker total control of the system. Beware of any daemon process that runs as root. Nowadays, these run as either a totally nonpriviledged user such as nobody, or, if they really need to write files or some such thing, as a catch-all user like daemon. The database is an important process and it needs its own security, so it runs as its own user, postgres.

12. For most PostgreSQL command-line utilities, if no PostgreSQL username is specified, the current Linux username will be used. This is often a convenient choice, but you might have compelling reasons not to do this.


-bash-2.05b$ createuser mschwarz

Shall the new user be allowed to create databases? (y/n) y Shall the new user be allowed to create more new users? (y/n) y CREATE USER

-bash-2.05b$


Here, we created the PostgreSQL user mschwarz and gave him the ability to create databases and new users.