Re: Revoke "drop database" even for superusers?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, richter(at)simkorp(dot)com(dot)br, pgsql-general(at)postgresql(dot)org
Subject: Re: Revoke "drop database" even for superusers?
Date: 2012-11-09 22:18:03
Message-ID: 20082.1352499483@sss.pgh.pa.us
Lists: pgsql-general

Andres Freund <andres(at)anarazel(dot)de> writes:
> On 2012-11-09 12:42:37 +0100, Albe Laurenz wrote:
>> You cannot play it over permissions, but what about the following trick:
>>
>> postgres=# CREATE DATABASE persist;
>> CREATE DATABASE
>> postgres=# UPDATE pg_database SET datistemplate=TRUE WHERE
>> datname='persist';
>> UPDATE 1
>> postgres=# DROP DATABASE persist;
>> ERROR: cannot drop a template database

> Not a good idea, autovacuum will use a freeze_min_age of 0 in that
> case which will make it heaps more expensive. Also it allows everyone to
> copy that database not only its owner/superuser.
> I think there might be even more unexpected consequences of playing that
> trick.

It seems pretty pointless in any case, since a superuser could just undo
the UPDATE and then drop the database.

If what you're trying to avoid is accidental, rather than malicious,
drops, here's something that would be a lot more useful: avoid using
superuser accounts as much as you possibly can. There are not that
many things that you really need to use superuser privileges for.

regards, tom lane
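
[Added example, not part of the original message or the thread.] One way to follow the advice above in a psql session: a superuser does the setup once, and routine connections then use a role that is neither a superuser nor the database owner, so it cannot drop the database. The names persist_owner, persist_app and the schema app are hypothetical; persist is the database name used in the thread.

```sql
-- One-time setup, run as a superuser in psql.
-- persist_owner, persist_app and schema "app" are hypothetical names.

-- Owner role: owns the database but cannot log in, so nobody works as owner.
CREATE ROLE persist_owner NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Application role: can log in, is not a superuser, and is deliberately
-- NOT a member of persist_owner (membership would allow SET ROLE to it).
CREATE ROLE persist_app LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
-- Set its password interactively with psql's \password persist_app

CREATE DATABASE persist OWNER persist_owner;

-- Only explicitly granted roles may connect.
REVOKE ALL ON DATABASE persist FROM PUBLIC;
GRANT CONNECT ON DATABASE persist TO persist_app;

\connect persist

-- Objects live in a schema owned by the owner role; the application role
-- gets data access only, no DDL.
CREATE SCHEMA app AUTHORIZATION persist_owner;
GRANT USAGE ON SCHEMA app TO persist_app;
ALTER DEFAULT PRIVILEGES FOR ROLE persist_owner IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO persist_app;

-- Audit: every role listed here can drop any database.
SELECT rolname FROM pg_roles WHERE rolsuper;

-- Audit: owner of each database (the only non-superuser roles able to drop it,
-- along with members of the owning role).
SELECT d.datname, r.rolname AS owner
FROM pg_database d
JOIN pg_roles r ON r.oid = d.datdba
ORDER BY d.datname;

-- Connected as persist_app, DROP DATABASE persist is rejected because
-- the role is neither the database owner nor a superuser.
```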
