| From: | darrenk(at)insightdist(dot)com (Darren King) |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [HACKERS] Postgres acl (fwd) |
| Date: | 1998-01-06 19:20:15 |
| Message-ID: | 9801061920.AA77408@ceodev |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > > > Can someone who has permission to create databases be trusted not to
> > > > delete others? If we say no, how do we make sure they can change
> > > > pg_database rows on only databases that they own?
> > >
> > > deleting a database is accomplished using 'drop database', no?
> > > Can the code for that not be modified to see whether the person dropping
> > > the database is the person that owns it *or* pgsuperuser?
> >
> > It already does the check, but issues an SQL from the C code to delete
> > from pg_database. I believe any user who can create a database can
> > issue the same SQL command from psql, bypassing the drop database
> > checks, no?
>
> Okay, I understand what you mean here...so I guess the next
> question is should system tables be directly modifyable by non-superuser?
>
> For instance, we have a 'drop database' SQL command...can we
> restrict 'delete from pg_database' to just superuser, while leaving 'drop
> database' open to those with createdb privileges? Same with 'create
> user', and, possible, a 'create group' command instead of 'insert into
> pg_group'?
IMHO, the system tables should _never_ be directly modifiable by anyone
other than the superuser/dba. The rest of the population should have to
use a command of some sort that can be grant/revoked by said superuser/dba.
darrenk
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1998-01-06 19:21:32 | Re: [HACKERS] Postgres acl (fwd) |
| Previous Message | Vadim B. Mikheev | 1998-01-06 18:51:15 | Re: [HACKERS] I want to change libpq and libpgtcl for better handling of large query results |