1.5 Ensure Data Cluster Initialized Successfully


First-time installs of PostgreSQL require the instantiation of the database cluster. A database cluster is a collection of databases that are managed by a single server instance.
For the purposes of security, PostgreSQL enforces ownership and permissions of the data-cluster such that:
An initialized data-cluster is owned by the UNIX account that created it.
The data-cluster cannot be accessed by other UNIX user-accounts.
The data-cluster cannot be created or owned by root.
The Postgres process cannot be invoked by root or by any UNIX user account other than the owner of the data cluster.
Incorrectly instantiating the data-cluster will result in a failed installation.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Attempting to instantiate a data cluster to an existing non-empty directory will fail:
$ whoami
$ service postgresql-9.5 initdb
Data directory is not empty!
[root@pg1_centos ~]# [FAILED]
If cluster instantiation fails, delete the entire data cluster directory and repeat the initdb command. Removing the directory destroys any databases it already holds, so confirm it belongs to the failed installation first:
$ whoami
$ rm -rf ~postgres/9.5
$ service postgresql-9.5 initdb
Initializing database: [ OK ]
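
A manual check of the ownership and permission rules listed above, useful because this item is not evaluated automatically. This is an added example, not part of the benchmark or the plugin: the function name check_pgdata, its arguments and the default owner postgres are assumptions, and it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit a PostgreSQL data cluster directory against the
# ownership rules listed above. Assumes GNU stat (as on CentOS).
# check_pgdata and its arguments are names made up for this example.

check_pgdata() {
    dir=$1
    want_owner=${2:-postgres}   # assumed service account name
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # initdb writes PG_VERSION into the cluster root; if it is absent or
    # empty, the directory is not an initialized cluster.
    if [ ! -s "$dir/PG_VERSION" ]; then
        echo "FAIL: $dir/PG_VERSION missing or empty; cluster not initialized"
        rc=1
    fi

    owner=$(stat -c '%U' "$dir")
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")

    # The cluster must not be owned by root, and must belong to the
    # account that runs the server.
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: $dir is owned by root"
        rc=1
    elif [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $dir is owned by $owner, expected $want_owner"
        rc=1
    fi

    # No access for other accounts: the directory mode must be 700.
    if [ "$mode" != "700" ]; then
        echo "FAIL: $dir has mode $mode, expected 700"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "PASS: $dir"
    return "$rc"
}

# Usage: sh check_pgdata.sh /path/to/data/directory [owner]
if [ "$#" -gt 0 ]; then
    check_pgdata "$@"
fi
```

Pass the cluster's data directory as the first argument; the exit status is 0 only when every check passes.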

Item Details


References: 800-53|AC-3, CSCv6|14.4, CSCv7|14.6

Plugin: Unix

Control ID: 3aecf2d1675da48ec472a523ffc80b05b22166f1b878acb9e3762bb2041dfa56