| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Daniel Gomez Blanco <nanodgb(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Pros and cons of giving someone superuser privilege |
| Date: | 2014-05-15 19:44:53 |
| Message-ID: | 20140515194453.GA25052@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, Apr 25, 2014 at 03:46:52PM +0200, Daniel Gomez Blanco wrote:
> Hi all,
>
> I'm part of a service where we provide users with their own PostgreSQL
> instances. The idea is that we provide them with a website to request and
> manage their databases (start/stop, backups, restores, upgrades, monitoring,
> etc). By doing this, we avoid having to give them access to the machine where
> their database is running, as this would be a security concern. But in the end,
> the user is the sole responsible for the database.
>
> At the moment we create an "admin" user for them and give it "createdb" and
> "createrole" privileges. My question is, in case we give that user the
> superuser privilege, what would the repercussion be concerning security (as in
Have you considered that your users can _create_ superusers? I think
modified Amazon Postgres blocks that, but native Postgres does not.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ramkumar Raghavan | 2014-05-17 05:20:26 | Regarding server sizing for postgres database |
| Previous Message | aram azhari | 2014-05-12 13:27:34 | PgAdmin 1.18.1 : Error connecting to the server: Kerberos 5 Authentication not supported. |