Fwd: createdb but revoke dropdb
| От | Ben Eliott |
|---|---|
| Тема | Fwd: createdb but revoke dropdb |
| Дата | |
| Msg-id | AFAD42C9-8B78-48A1-AB27-6287AEA809A4@googlemail.com обсуждение исходный текст |
| Ответ на | createdb but revoke dropdb (Ben Eliott <ben.apperrors@googlemail.com>) |
| Список | pgsql-general |
Sleep often seems a better problem solver than thinking. Create databases ahead of time and assign at the appropriate time.
Begin forwarded message:
From: Ben Eliott <ben.apperrors@googlemail.com>Date: 2 March 2010 18:22:17 GMTSubject: createdb but revoke dropdbHi,
In using 8.3. I'm trying to set up programmatic database creation but is there a way that the user creating the databases can be restricting from dropping them?
I have two roles, 'adminuser' with createdb permission, and 'dbuser' a user with CRUD privileges.
adminuser is a member of the dbuser role, this seems to allow adminuser to createdb databases for dbuser with:
createdb -U adminuser -O dbuser new_database_name
Adding .pgpass to the linux user's home directory allows createdb to work without additional user input.
But now it seems the linux user also has dropdb privileges. How can i restrict this?
Perhaps there is a recommended method to disable dropdb? Can anyone suggest?
The adminuser has no login privileges so by removing dropdb this should remove the possibility for any hacker chaos other than creating more databases?
Thanks in advance for any advice,
Ben
В списке pgsql-general по дате отправления: