18.1. The PostgreSQL User Account
As with any server daemon that is accessible to the outside world,
it is advisable to run
separate user account. This user account should only own the data
that is managed by the server, and should not be shared with other
daemons. (For example, using the user
is a bad
idea.) In particular, it is advisable that this user account not own
executable files, to ensure
that a compromised server process could not modify those executables.
Pre-packaged versions of PostgreSQL will typically create a suitable user account automatically during package installation.
To add a Unix user account to your system, look for a command
. The user
is often used, and is assumed
throughout this book, but you can use another name if you like.