From: | Devrim GUNDUZ <devrim(at)gunduz(dot)org> |
---|---|
To: | Shane Dawalt <shane(dot)dawalt(at)wright(dot)edu> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: 8.0.1 SRPM on RHEL v.3 |
Date: | 2005-10-05 14:30:42 |
Message-ID: | Pine.LNX.4.63.0509300109150.31275@mail.kivi.com.tr |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi,
On Thu, 29 Sep 2005, Shane Dawalt wrote:
>> rpmbuild --rebuild --define 'kerbdir=/usr/kerberos'
>> postgresql-8.0.1-2PGDG.src.rpm
>
> I tried this, but it also resulted in not finding kbr5.h. Looking through
> the Configure log, the '=' on the --define option was actually used as part
> of the directory. That is, the Configure command line showed
> "--with-includes==/usr/kerberos/include". I cannot find any information on
> the --define option in the rpmbuild manpage, so I don't know what the proper
> syntax really is. But I changed the '=' to a space and everything built
> correctly.
Sorry, that was my typo :(
Regards,
--
Devrim GUNDUZ
Kivi Bilişim Teknolojileri - http://www.kivi.com.tr
devrim~gunduz.org, devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org
>From pgsql-general-owner(at)postgresql(dot)org Wed Oct 5 11:32:54 2005
X-Original-To: pgsql-general-postgresql(dot)org(at)localhost(dot)postgresql(dot)org
Received: from localhost (av.hub.org [200.46.204.144])
by svr1.postgresql.org (Postfix) with ESMTP id 4ED49D8190
for <pgsql-general-postgresql(dot)org(at)localhost(dot)postgresql(dot)org>; Wed, 5 Oct 2005 11:32:51 -0300 (ADT)
Received: from svr1.postgresql.org ([200.46.204.71])
by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
with ESMTP id 45317-09
for <pgsql-general-postgresql(dot)org(at)localhost(dot)postgresql(dot)org>;
Wed, 5 Oct 2005 14:32:46 +0000 (GMT)
Received: from www26a.your-server.co.za (www26a.your-server.co.za [196.7.147.26])
by svr1.postgresql.org (Postfix) with ESMTP id D89C7D80C2
for <pgsql-general(at)postgresql(dot)org>; Wed, 5 Oct 2005 11:32:48 -0300 (ADT)
Received: from wbs-196-2-114-232.wbs.co.za ([196.2.114.232] helo=[127.0.0.1])
by www26a.your-server.co.za with esmtp (Exim 4.51)
id 1ENAK5-0001iS-38
for pgsql-general(at)postgresql(dot)org; Wed, 05 Oct 2005 16:32:51 +0200
Message-ID: <4343E3CE(dot)8080508(at)lani(dot)co(dot)za>
Date: Wed, 05 Oct 2005 16:31:42 +0200
From: L van der Walt <mailing(at)lani(dot)co(dot)za>
Organization: lanivdw(at)global(dot)co(dot)za
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: pgsql-general(at)postgresql(dot)org
Subject: Securing Postgres
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: Clear (ClamAV 0.87/1113/Wed Oct 5 13:13:44 2005)
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, hits=0.141 required=5 tests=[AWL=0.141]
X-Spam-Level:
X-Archive-Number: 200510/170
X-Sequence-Number: 84399
Example: On a MS Windows Server with MS SQL Server. The administrator
with the administrator username and password can not access the SQL
server data. He also needs the SA username and password for the SQL
server to do so. He can stop and start the server and so on but not
access the data.
How do I secure a system in the same way with Linux and PostgreSQL.
Richard Huxton wrote:
> L van der Walt wrote:
>
>> I would like to secure Postgres completly.
>>
>> Some issues that I don't know you to fix:
>> 1. User postgres can use psql (...) to do anything.
>
>
>
> Prevent anyone from logging in as user postgres.
> Remove psql.
>
>> 2. User root can su to postgres and thus do anything.
>
>
>
> That's the root user - it is supposed to be able to do what it likes.
>
>> 3. Disable all tools like pg_dump
>
>
>
> You can delete the executables, but that's not going to stop people
> running their own version if they can connect.
>
>> How do I secure a database if I don't trust the administrators.
>> The administrator will not break the db but they may not view
>> any information in the databse.
>
>
>
> If you don't trust the administrators of the machine, there's nothing
> you can do if they have physical access to it. They'll always be able
> to work around anything you can do.
>
> Can you say more about the situation - it might be someone has been in
> a similar situation themselves?
> --
> Richard Huxton
> Archonet Ltd
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Richard Huxton | 2005-10-05 14:32:53 | Re: Securing Postgres |
Previous Message | Berend Tober | 2005-10-05 14:23:58 | Re: Securing Postgres |