RE: Alternate database locations
From | Tauren Mills |
---|---|
Subject | RE: Alternate database locations |
Date | |
Msg-id | NBBBLBKDJMGDNPMDGAABEEMFADAB.tauren@servlets.net |
In reply to | Re: Alternate database locations (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Alternate database locations |
List | pgsql-admin |
Thanks for the feedback!

> >> However, this page indicates that there are security risks in doing this.
> >> What are those risks? If I prevent users other than the superuser
> >> "postgres" from being able to create and drop databases, are there any
> >> security risks?
>
> > No. The risks are related to the fact that non-superusers can also be
> > allowed to create databases.
>
> If the user's DB area is in his home directory, then he can presumably
> rename it, leading to nasty problems when operations like CHECKPOINT try
> to write to files in it. At the very least you'd have potential for
> denial of service to all the other users.

OK, this makes sense. In the user's home directory, I was going to create a directory called something like ".db". It would be owned by postgres:root and have 700 permissions. Within it, would be the "base" directory as postgres:postgres and 700. This is very similar to the way that we deploy MySQL.

But this does still allow the user to change the directory name. With MySQL, it would just cause their database to not work, it wouldn't cause problems with the server. It sounds like this is not a good idea with PostgreSQL.

Is there any way to keep each customer's database within their user area without the chance of breaking the database server?

> >> Lastly, I've even tried creating a database normally, then moving it to the
> >> user's area and creating a symlink to it. But this didn't seem to work.
>
> > It should, since that is what the "official" mechanisms do as well.
>
> Yes, I'd have thought that would work. Define "didn't seem to work",
> please.

Based on what you said, I went back and tried it again. It "seems to work" correctly now. I think I must not have had the proper permissions set the first time I tried it.

Even though this is exactly the solution I was looking for, I'm now reluctant to use it since a user could break things by simply changing a directory name. I guess I'll have to keep the databases separate from the user's home area.

Thanks,
Tauren
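
The rename risk discussed in this message comes from the parent directory, not from the mode of the database directory itself, so a candidate location can be audited by walking its ancestors. The following is an added example, not part of the original message or of PostgreSQL; `rename_risks`, its parameters and the temporary directory layout are hypothetical.

```python
import os
import stat
import tempfile


def rename_risks(db_path, trusted_uids=(0,), stop_at="/"):
    """List ancestor directories of db_path in which an account outside
    trusted_uids could rename or replace the entry that leads to db_path."""
    risks = []
    child = os.path.realpath(db_path)  # follow symlinks to the real location
    stop = os.path.realpath(stop_at)
    while child != stop:
        parent = os.path.dirname(child)
        if parent == child:  # reached the filesystem root
            break
        p, c = os.stat(parent), os.lstat(child)
        if p.st_uid not in trusted_uids:
            # A directory's owner can always give itself write and search
            # access, which is all that renaming an entry in it requires.
            risks.append((parent, f"owned by untrusted uid {p.st_uid}"))
        elif p.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Conservative: any group is treated as untrusted. The sticky bit
            # limits renames to the entry owner, the directory owner and root.
            sticky_ok = p.st_mode & stat.S_ISVTX and c.st_uid in trusted_uids
            if not sticky_ok:
                risks.append((parent, "group- or world-writable"))
        child = parent
    return risks


if __name__ == "__main__":
    # Constructed layout mirroring the thread: <home>/.db/base in a temp tree.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "home", "customer", ".db", "base")
        os.makedirs(base)
        os.chmod(base, 0o700)
        # Only uid 0 is trusted here, so when run as a non-root account the
        # tree's owner plays the customer and every ancestor is reported.
        for directory, reason in rename_risks(base, stop_at=root):
            print(f"{directory}: {reason}")
```

An empty result means every directory between `stop_at` and the database area is controlled only by the trusted accounts; mode 700 on `.db` alone does not produce that result when the home directory belongs to the customer.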