From: | Francisco Olarte <folarte(at)peoplecall(dot)com> |
---|---|
To: | Kynn Jones <kynnjo(at)gmail(dot)com> |
Cc: | Jerry Sievers <gsievers19(at)comcast(dot)net>, pgsql-general General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: how to create a role with no privileges? |
Date: | 2014-07-01 16:36:46 |
Message-ID: | CA+bJJbyCQCSyE_N1rsNYvhEkrkZghVwUQVB3YEKQ5JWhpx=KUg@mail.gmail.com |
Lists: | pgsql-general |

On Tue, Jul 1, 2014 at 6:13 PM, Kynn Jones <kynnjo(at)gmail(dot)com> wrote:
> Actually, AFAICT, revoking usage on the schemas you listed seems to have no
> effect at all on the "minimal role"'s ability to use \l, \d, \dt, etc.
>
> In particular, the minimal role still has access to the shell through \!.
> YIKES!!!

Without seeing your actual commands, it's difficult to know about the
schema stuff, but one thing for sure, \! has nothing to do with
database permissions, it is related to local process permissions
(database is not contacted, it is a local shell access), you have to
restrict it with whichever tools your operating system has.

It seems you are confusing the postgresql database with psql, which
is just a C program linked with the libpq library to access a
postgresql database server. You can easily rewrite it in, say, java
using jdbc, or, if you read enough docs, in any language which allows
socket access.

Database permissions will apply to any of them.

Francisco Olarte.
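
The client/server split described in this message, as an added example (not part of the original email, and not psql's or libpq's code): a toy Python client that encodes the PostgreSQL v3 wire messages a server actually receives, and shows that a `\!` line never becomes one of them. The function names, the role name `minimal` and the session lines are constructed for illustration.

```python
import struct

PROTOCOL_V3 = 3 << 16  # protocol version 3.0 (196608)

def startup_message(user, database):
    # StartupMessage: int32 length, int32 version, key\0value\0 pairs, closing \0
    body = struct.pack("!I", PROTOCOL_V3)
    for key, value in (("user", user), ("database", database)):
        body += key.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"
    return struct.pack("!I", len(body) + 4) + body

def query_message(sql):
    # Simple Query: 'Q', int32 length (counts itself, not the tag), SQL text, \0
    payload = sql.encode() + b"\x00"
    return b"Q" + struct.pack("!I", len(payload) + 4) + payload

def parse_client_stream(data):
    """Return what a server can see: startup parameters and typed messages."""
    (length,) = struct.unpack_from("!I", data, 0)
    fields = [f.decode() for f in data[8:length].split(b"\x00") if f]
    params = dict(zip(fields[0::2], fields[1::2]))
    messages, pos = [], length
    while pos < len(data):
        tag = data[pos:pos + 1].decode()
        (mlen,) = struct.unpack_from("!I", data, pos + 1)
        body = data[pos + 5:pos + 1 + mlen]
        messages.append((tag, body.rstrip(b"\x00").decode()))
        pos += 1 + mlen
    return params, messages

def wire_bytes(user, database, lines):
    # Hypothetical toy client (assumption, not psql's logic): a "\!" line is a
    # local shell escape handled on the client machine, so nothing is encoded
    # for it. Every other line is sent to the server as SQL.
    out = startup_message(user, database)
    for line in lines:
        if line.startswith("\\!"):
            continue
        out += query_message(line)
    return out + b"X" + struct.pack("!I", 4)  # Terminate

if __name__ == "__main__":
    # Constructed session for a role named "minimal"
    session = ["\\! id", "SELECT current_user"]
    print(parse_client_stream(wire_bytes("minimal", "postgres", session)))
```

The parsed stream contains only the startup parameters, one `Q` message and the `X` terminate message: the server has nothing on which to apply a role's privileges for the `\!` line, which is why that restriction belongs to the operating system account running the client.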