Postgresql – Should database directory and file access be restricted to only the db user

Tags: best practices, corruption, postgresql, security, users

I don't know exactly how to word this question and I haven't been able to find any specifics on it so apologies if it's a duplicate.

I know that it's standard practice to have database server software run as a specific operating system user, with access to nothing but the necessary directories and files. I understand that this is done to prevent intruders who gain access through the software from having privileges beyond the minimum necessary for the db to run.

However, should I also restrict read and/or write permissions to the database directories and files at the operating system level to the db user alone? Is this standard practice? Are there any problems that can arise by other software or the operating system performing read operations on a live db?

I'm interested in both the general case (a live server, like a VPS) and the case where it's running on a local desktop, used by only one person. I'm using Postgres at the moment and I'm not experienced.

Best Answer

I'd say it is good security practice to restrict OS access to your DB files. First, you should definitely restrict write privileges to DB files at the OS level, if not already configured that way. Don't allow anyone other than the OS user that runs the DB to write to the DB files. Practically any DB software I can think of restricts this by default.

If you want to additionally restrict read access, this would be a good idea, especially if your database contains sensitive information. Any unprivileged OS user who shares your OS and has read access to your DB files basically has read access to your DB. They could simply steal copies of your DB files, send them to their own server, set up the DB system and grant themselves unlimited access to that clone. I'd say the majority of DB software does NOT proactively restrict read access at the OS level to the datafiles. It's up to you, the DBA, to restrict this. If your data is super sensitive, you might want to consider encryption, which is available in most major DBMSs. If the datafiles are encrypted, a would-be information thief would most likely be foiled even if he/she made off with your datafiles.

Don't forget to encrypt your backups, too, since they are just as sensitive as the DB itself.

Generally, you don't need to worry about the impact of cutting off access to other OS tools like backup software. Most DBMS can't and don't use any OS-based backup tools since DB files are changing. Rather you use specific tools like Oracle RMAN, SQL Server native backup, Litespeed, mysqldump, etc. These tools know how to handle a database that is changing and to get a proper backup. And some other OS tools like antivirus scanners run with root/system authority, so you can't keep them from reading your datafiles by permissions alone (encryption can).

If you're doing this on Unix, it can sometimes be a matter of simply running chmod 700 (or perhaps 750) on the directory that contains your DB files. On Windows you could likely do this via NTFS permissions.
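As an added example that is not part of the original answer, here is a POSIX shell check for the "chmod 700 on the data directory" advice above: it lists everything under a PostgreSQL data directory that is readable, writable or executable by anyone other than the owning OS user, and a second function tightens the tree to what initdb creates. The directory path and the owner name are assumptions you supply.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a PostgreSQL data
# directory so that only its owning OS user can read or write it, then
# tighten it to what initdb creates (directories 0700, files 0600).
# The PGDATA path and the owner name "postgres" are assumptions.

# check_pgdata_perms DIR OWNER
# Prints every entry under DIR that is not owned by OWNER or that has any
# read/write/execute bit set for group or other. Returns 0 if clean, 1 if not.
check_pgdata_perms() {
    dir="$1"
    owner="$2"
    # Octal "-perm -NNN" is POSIX: true when at least those bits are set.
    bad=$(find "$dir" \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$bad" ]; then
        printf 'Entries exposed beyond the db user:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# fix_pgdata_perms DIR
# Restrict the whole tree to the owner: 0700 on directories, 0600 on
# regular files (sockets and symlinks are left alone). PostgreSQL 11+
# also accepts 0750/0640 when the cluster was created with
# "initdb --allow-group-access"; the server refuses to start on anything
# looser than that.
fix_pgdata_perms() {
    dir="$1"
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}

# Usage: only runs when PGDATA is set, e.g.
#   PGDATA=/var/lib/postgresql/16/main sh audit_pgdata.sh   (path assumed)
if [ -n "${PGDATA:-}" ]; then
    check_pgdata_perms "$PGDATA" postgres || fix_pgdata_perms "$PGDATA"
fi
```

Run the check as root or as the db user itself, since an unprivileged account may not be able to traverse a correctly locked-down directory in the first place.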