18.1. ThePostgreSQL User Account#
As with any server daemon that is accessible to the outside world, it is advisable to runPostgreSQL under a separate user account. This user account should only own the data that is managed by the server, and should not be shared with other daemons. (For example, using the usernobody is a bad idea.) In particular, it is advisable that this user account not own thePostgreSQL executable files, to ensure that a compromised server process could not modify those executables.
Pre-packaged versions ofPostgreSQL will typically create a suitable user account automatically during package installation.
To add a Unix user account to your system, look for a commanduseradd oradduser. The user namepostgres is often used, and is assumed throughout this book, but you can use another name if you like.