From: | Daniel Gomez Blanco <nanodgb(at)gmail(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Pros and cons of giving someone superuser privilege |
Date: | 2014-04-25 13:46:52 |
Message-ID: | CAL4HELd-Zhk3exeNdk=dxwVsAwXrgnTRfbsCThH3T0=KA33A_w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Hi all,
I'm part of a service where we provide users with their own PostgreSQL
instances. The idea is that we provide them with a website to request and
manage their databases (start/stop, backups, restores, upgrades,
monitoring, etc). By doing this, we avoid having to give them access to the
machine where their database is running, as this would be a security
concern. But in the end, the user is the sole responsible for the database.
At the moment we create an "admin" user for them and give it "createdb" and
"createrole" privileges. My question is, in case we give that user the
superuser privilege, what would the repercussion be concerning security (as
in accessing data on the machine for example)? And what advantages would
the user acquire by having that privilege (considering major admin
functionality is provided via the website)?
Thanks in advance for your replies.
Cheers,
Daniel
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2014-04-25 14:02:15 | Re: Pros and cons of giving someone superuser privilege |
Previous Message | Yue Wang | 2014-04-25 07:14:57 | about the copy command |