Re: Pros and cons of giving someone superuser privilege
From | Bruce Momjian |
---|---|
Subject | Re: Pros and cons of giving someone superuser privilege |
Date | |
Msg-id | 20140515194453.GA25052@momjian.us |
In response to | Pros and cons of giving someone superuser privilege (Daniel Gomez Blanco <nanodgb@gmail.com>) |
List | pgsql-admin |

On Fri, Apr 25, 2014 at 03:46:52PM +0200, Daniel Gomez Blanco wrote:
> Hi all,
>
> I'm part of a service where we provide users with their own PostgreSQL
> instances. The idea is that we provide them with a website to request and
> manage their databases (start/stop, backups, restores, upgrades, monitoring,
> etc). By doing this, we avoid having to give them access to the machine where
> their database is running, as this would be a security concern. But in the end,
> the user is the sole responsible for the database.
>
> At the moment we create an "admin" user for them and give it "createdb" and
> "createrole" privileges. My question is, in case we give that user the
> superuser privilege, what would the repercussion be concerning security (as in

Have you considered that your users can _create_ superusers? I think
modified Amazon Postgres blocks that, but native Postgres does not.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ Everyone has their own god. +