I've never found a recommendation to run PostgreSQL on a privileged port in production. What type of port should be used in production regarding security and best practices?
Using a privileged port for Postgres would require the postgres daemon to run with root privileges, which in itself is a security vulnerability. So, no, you should not use a privileged port for Postgres.
Running PostgreSQL under 1024 requires some hacking. It's almost impossible outside of win32. From the
"root" execution of the PostgreSQL server is not permitted. The server must be started under an unprivileged user ID to prevent possible system security compromise. See the documentation for more information on how to properly start the server.
After which the backend calls exit(1). It also doesn't run as a setuid script. From the source,
Also make sure that real and effective uids are the same. Executing as a setuid program from a root shell is a security hole, since on many platforms a nefarious subroutine could setuid back to root if real uid is root. (Since nobody actually uses postgres as a setuid program, trying to actively fix this situation seems more trouble than it's worth; we'll just expend the effort to check for it.)
The only way to even set this up on Linux that I know of is cap_net_bind_service capability (never tried it)
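The startup checks quoted in the answers above, modelled as an added C example; it is not PostgreSQL source code and not part of either answer. The names `startup_check`, `has_net_bind` and the `verdict` values are hypothetical, and the 1024 threshold assumes the Linux default for privileged ports.

```c
/* Added example, not PostgreSQL source: models the checks the answers describe. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_NET_BIND_SERVICE_BIT 10 /* Linux capability number for cap_net_bind_service */

enum verdict { OK_TO_START, REFUSE_ROOT, REFUSE_SETUID, REFUSE_PORT };

/* Given the text of /proc/<pid>/status, report whether the effective capability
 * set (the hex CapEff line) includes cap_net_bind_service. 0 if no such line. */
int has_net_bind(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL)
        return 0;
    unsigned long long caps = strtoull(p + 7, NULL, 16);
    return (int)((caps >> CAP_NET_BIND_SERVICE_BIT) & 1ULL);
}

/* Same order as the quoted text: refuse root first, then refuse a setuid launch
 * (real uid != effective uid), then refuse a port below 1024 without the capability. */
enum verdict startup_check(uid_t ruid, uid_t euid, int port, int net_bind)
{
    if (euid == 0)
        return REFUSE_ROOT;
    if (ruid != euid)
        return REFUSE_SETUID;
    if (port < 1024 && !net_bind) /* assumption: default privileged range */
        return REFUSE_PORT;
    return OK_TO_START;
}

int main(int argc, char **argv)
{
    int port = argc > 1 ? atoi(argv[1]) : 5432; /* 5432 is the PostgreSQL default */
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
    }
    enum verdict v = startup_check(getuid(), geteuid(), port, has_net_bind(buf));
    printf("port %d: verdict %d\n", port, (int)v);
    return v == OK_TO_START ? 0 : 1;
}
```

Run as an ordinary user with no argument it reports verdict 0 for port 5432; passing a port below 1024 yields `REFUSE_PORT` unless the process holds the capability.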