1.5 Ensure Data Cluster Initialized Successfully


First-time installs of PostgreSQL require the instantiation of the database cluster. A database cluster is a collection of databases that are managed by a single server instance.
For the purposes of security, PostgreSQL enforces ownership and permissions of the data-cluster such that:
* An initialized data-cluster is owned by the UNIX account that created it.
* The data-cluster cannot be accessed by other UNIX user-accounts.
* The data-cluster cannot be created or owned by root.
* The PostgreSQL process cannot be invoked by root nor any UNIX user account other than the owner of the data cluster.
Incorrectly instantiating the data-cluster will result in a failed installation.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Attempting to instantiate a data cluster to an existing non-empty directory will fail:
$ whoami
$ /usr/pgsql-10/bin/postgresql-10-setup initdb
Data directory is not empty!
In the case of a cluster instantiation failure, one must delete/remove the entire data cluster directory and repeat the initdb command:
$ whoami
$ rm -rf ~postgres/10
$ /usr/pgsql-10/bin/postgresql-10-setup initdb
Initializing database ... OK
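
A manual check for the ownership and permission rules listed above, as an added example that is not part of the benchmark or of the plugin. It assumes GNU stat (Linux) and must be run as root or as the cluster owner; the function names are hypothetical, and the directory to pass is the site's own data directory (a location under ~postgres/10 is an assumption based on the commands above).

```shell
#!/bin/sh
# Added example: audit a PostgreSQL data cluster directory.
# Prints one finding per line; prints nothing when the directory complies.
# Run as root or as the cluster owner, otherwise a correctly locked-down
# directory cannot be searched and will be reported as uninitialized.
pgdata_findings() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 0
    fi
    # initdb writes PG_VERSION at the top of the cluster; if it is absent the
    # cluster was never initialized or initialization failed part-way.
    [ -f "$dir/PG_VERSION" ] || echo "uninitialized: no PG_VERSION in $dir"
    # The data cluster must not be owned by root (uid 0).
    [ "$(stat -c %u "$dir")" -ne 0 ] || echo "owner: $dir is owned by root"
    # Other UNIX accounts must have no access: the group and other
    # permission digits of the octal mode must both be 0 (e.g. 700).
    mode=$(stat -c %a "$dir")
    case $mode in
        *00) ;;
        *) echo "mode: $dir is $mode, expected 700" ;;
    esac
}

# Exit status 0 only when pgdata_findings reports nothing.
pgdata_compliant() {
    [ -z "$(pgdata_findings "$1")" ]
}

# Usage (path is an assumption, substitute the real data directory):
#   pgdata_findings ~postgres/10/data
```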


Item Details


References: 800-53|AC-3, CSCv6|14.4, CSCv7|14.6

Plugin: Unix

Control ID: 7c81e657b8fac64e21d2bb45a080b25eefb56e054e2605709227f36b4febaaf3