| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Disable executing external commands from psql? |
| Date: | 2010-06-02 00:26:21 |
| Message-ID: | 201006020026.o520QLU19703@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ken Tanzer wrote:
> >
> > The better way to go about that is to not let them have an account on
> > the server machine in the first place. Just expose the postmaster port
> > (perhaps via ssh tunneling) and let them run psql on their own machines.
> Somehow, exposing my database ports to the internet scares me more than
> any (possibly crazy) stuff I'm trying to do. :)
>
> But seriously I think I need to give them accounts--I'm setting up
> online instances of a web app, so they have a set of (editable) PHP
> files, possibly some storage, a log file, etc. It seemed that setting
> each up as its own user was better than going through some uber-process
> that had access to all the files.
>
> Just to be clear, cause I'm a little thick sometimes, it is not possible
> to do this?
Maybe put them into a chroot() environment, or hack psql to remove \!.
No one has asked for this before.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ None of us is going to be here forever. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ernesto Quiñones | 2010-06-02 00:28:54 | Re: PosttgreSQL on AIX |
| Previous Message | Bruce Momjian | 2010-06-02 00:23:58 | Re: Disable executing external commands from psql? |