| From: | Edson Richter <edsonrichter(at)hotmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Revoke "drop database" even for superusers? |
| Date: | 2012-11-09 22:49:42 |
| Message-ID: | BLU0-SMTP18850AA8B4213361E5B0EB2CF680@phx.gbl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Em 09/11/2012 20:18, Tom Lane escreveu:
> Andres Freund <andres(at)anarazel(dot)de> writes:
>> On 2012-11-09 12:42:37 +0100, Albe Laurenz wrote:
>>> You cannot play it over permissions, but what about the following trick:
>>>
>>> postgres=# CREATE DATABASE persist;
>>> CREATE DATABASE
>>> postgres=# UPDATE pg_database SET datistemplate=TRUE WHERE
>>> datname='persist';
>>> UPDATE 1
>>> postgres=# DROP DATABASE persist;
>>> ERROR: cannot drop a template database
>> Not a good idea, autovacuum will use a freeze_min_age of 0 in that
>> case which will make it heaps more expensive. Also it allows everyone to
>> copy that database not only its owner/superuser.
>> I think there might be even more unexpected consequences of playing that
>> trick.
> It seems pretty pointless in any case, since a superuser could just undo
> the UPDATE and then drop the database.
>
> If what you're trying to avoid is accidental, rather than malicious,
> drops, here's something that would be a lot more useful: avoid using
> superuser accounts as much as you possibly can. There are not that
> many things that you really need to use superuser privileges for.
>
> regards, tom lane
>
>
Thanks you.
I'll look documentation to create a user that has enough permission to
do everything needed, except dropping databases.
Regards,
Edson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lists | 2012-11-10 00:28:50 | Re: Unexpectedly high disk space usage RESOLVED (Manual reindex/vacuum) |
| Previous Message | Tom Lane | 2012-11-09 22:18:03 | Re: Revoke "drop database" even for superusers? |