1.5 Ensure Data Cluster Initialized Successfully

Information

First time installs of PostgreSQL requires the instantiation of the database cluster. A database cluster is a collection of databases that are managed by a single server instance.
Rationale:
For the purposes of security, PostgreSQL enforces ownership and permissions of the data-cluster such that:
* An initialized data-cluster is owned by the UNIX account that created it.
* The data-cluster cannot be accessed by other UNIX user-accounts.
* The data-cluster cannot be created or owned by root
* The PostgreSQL process cannot be invoked by root nor any UNIX user account other than the owner of the data cluster.
Incorrectly instantiating the data-cluster will result in a failed installation.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Attempting to instantiate a data cluster to an existing non-empty directory will fail:
$ whoami
root
$ /usr/pgsql-10/bin/postgresql-10-setup initdb
Data directory is not empty!
In the case of a cluster instantiation failure, one must delete/remove the entire data cluster directory and repeat the initdb command:
$ whoami
root
$ rm -rf ~postgres/10
$ /usr/pgsql-10/bin/postgresql-10-setup initdb
Initializing database ... OK

See Also

https://workbench.cisecurity.org/files/2306

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|14.4, CSCv7|14.6

Plugin: Unix

Control ID: ff6a1c6e5d83dc5c2343f797673f19185e5bc25045525d04761aefe9da4777a8