It is common to have more than one authorized individual administering the PostgreSQL service at the Operating System level. It is also quite common to permit login privileges to individuals on a PostgreSQL host who otherwise are not authorized to access the server's data cluster and files. Administering the PostgreSQL data cluster, as opposed to its data, is to be accomplished via a localhost login of a regular UNIX user account. Access to the postgres superuser account is restricted in such a manner as to interdict unauthorized access. sudo satisfies the requirements by escalating ordinary user account privileges as the PostgreSQL RDBMS superuser. Rationale: Without sudo, there would not be capabilities to strictly control access to the superuser account and to securely and authoritatively audit its use.
As superuser root, execute the following commands: # echo '%pg_wheel ALL= /bin/su - postgres' > /etc/sudoers.d/postgres # chmod 600 /etc/sudoers.d/postgres This grants any Operating System user that is a member of the pg_wheel group to use sudo su - postgres to become the postgres user. Ensure that all Operating System user's that need such access are members of the group as detailed earlier in this benchmark. References: https://www.sudo.ws/man/1.8.15/sudo.man.html https://www.sudo.ws/man/1.8.17/visudo.man.html