The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/17/install-make.html Description:
The current 'short' version is ``` ./configure make su make install adduser postgres mkdir -p /usr/local/pgsql/data chown postgres /usr/local/pgsql/data su - postgres /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start /usr/local/pgsql/bin/createdb test /usr/local/pgsql/bin/psql test ``` The security could be improved by limiting the amount of work that is done as root. (sudo make install -- shudder!) First, split `make install` so `make build` gets as far as building the libraries **under the current directory**, not on location in the start directory. Second, verify that `make install` does nothing but create directories and copy files into them. It can probably also include the tasks currently done by `make installdir` but the latter might still be required by some external process. This target should be reviewed by security experts. The 'short' script can then be rewritten as ``` # work done as a regular user ./configure make build # work that requires ROOT access su mkdir /usr/local/pgsql/data chown (current user):(current group) /usr/local/pgsql adduser --system --group postgres exit # work that requires POSTGRES access su -u postgres make install installdirs exit # work that requires ROOT access su adduser --system --group postgres chown -R postgres:postgres /usr/local/pgsql exit # work that requires POSTGRES access su - postgres /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start /usr/local/pgsql/bin/createdb test /usr/local/pgsql/bin/psql test exit ```
