Re: allowing privileges on untrusted languages

On 19 January 2013 13:45, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:

> I think, it is a time to investigate separation of database superuser privileges
> into several fine-grained capabilities, like as operating system doing.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
>
> In case of Linux, the latest kernel has 36 kinds of capabilities that reflects
> a part of root privileges, such as privilege to open listen port less than 1024,
> privilege to override DAC permission and so on. Traditional root performs
> as a user who has all the capability in default.

Sounds like the best way to go. The reasoning that led to that change
works for us as well.

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services