PostgreSQL users peer authentication on unix sockets by default, where the unix user must be the same as the PostgreSQL user. So people frequently use su or sudo to become the postgres superuser.
I often see people using constructs like:
sudo su - postgres
rather than
sudo -u postgres -i
and I'm wondering why. Similarly, I've seen:
sudo su - postgres -c psql
instead of
sudo -u postgres psql
Without the leading sudo the su versions would make some sense if you were on an old platform without sudo. But why on a less than prehisoric UNIX or Linux would you use sudo su ?
Forget
sudo suThere is no benefit to using
sudo su, it's an anachronistic habit from when people were used to usingsu. People started tackingsudoin front when Linux distros stopped setting a root password and madesudothe only way to access the root account. Rather than change their habits, they just usedsudo su. (I was one of them until relatively recently when using boxes withsudoersconfigs forced me to change my habit).Use
sudo -uFor a login shell,
sudo -u postgres -iis preferable tosudo su - postgres. It doesn't require that the user have root access in/etc/sudoers, they only need the right to become userpostgres. It also lets you enforce better access controls.For command execution
is superior to the alternative:
in that you don't have to double-escape quotes and other shell metacharacters as well as the other security advantages of not needing root. You'll probably accidentally land up writing:
sometimes, which won't work properly.
Finally, it's way easier to set environment variables via
sudo, e.g.than via
su. (Here, thePATHsetting is required so thatinitdbcan find the correctpostgresexecutable).So. Forget the
sucommand exists. You don't need it anymore. To break the habit, alias it to something that'll print an error. (Some init and package setup scripts still usesuso you can't remove it, though).See also: