From c7b29a5071a1d7b86d40a56bb505cc8921d670ea Mon Sep 17 00:00:00 2001
From: "Aaron W. Swenson" <titanofold@gentoo.org>
Date: Sat, 9 Mar 2013 14:58:46 +0000
Subject: Change ${socket_path} permissions so that users in the `postgres'
 system group cannot create, rename, or delete files in ${socket_path}.

---
 postgresql.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postgresql.init b/postgresql.init
index 9a1d64e..aef9f04 100755
--- a/postgresql.init
+++ b/postgresql.init
@@ -61,7 +61,7 @@ checkconfig() {
 
     # Set the proper permission for the socket path and create it if
     # it doesn't exist.
-    checkpath -d -m 0770 -o postgres:postgres ${socket_path}
+    checkpath -d -m 0750 -o postgres:postgres ${socket_path}
     if [ -e ${socket_path%/}/.s.PGSQL.${configured_port} ] ; then
         eerror "Socket conflict."
         eerror "A server is already listening on:"
-- 
cgit v1.2.3-65-gdbad