Re: [HACKERS] Postgres acl (fwd)
| От | The Hermit Hacker |
|---|---|
| Тема | Re: [HACKERS] Postgres acl (fwd) |
| Дата | |
| Msg-id | Pine.NEB.3.95.980106134330.29984U-100000@hub.org обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Postgres acl (fwd) (Bruce Momjian <maillist@candle.pha.pa.us>) |
| Ответы |
Re: [HACKERS] Postgres acl (fwd)
|
| Список | pgsql-hackers |
On Tue, 6 Jan 1998, Bruce Momjian wrote:
> >
> > On Tue, 6 Jan 1998, Bruce Momjian wrote:
> >
> > > Can someone who has permission to create databases be trusted not to
> > > delete others? If we say no, how do we make sure they can change
> > > pg_database rows on only databases that they own?
> >
> > deleting a database is accomplished using 'drop database', no?
> > Can the code for that not be modified to see whether the person dropping
> > the database is the person that owns it *or* pgsuperuser?
>
> It already does the check, but issues an SQL from the C code to delete
> from pg_database. I believe any user who can create a database can
> issue the same SQL command from psql, bypassing the drop database
> checks, no?
Okay, I understand what you mean here...so I guess the next
question is should system tables be directly modifyable by non-superuser?
For instance, we have a 'drop database' SQL command...can we
restrict 'delete from pg_database' to just superuser, while leaving 'drop
database' open to those with createdb privileges? Same with 'create
user', and, possible, a 'create group' command instead of 'insert into
pg_group'?
В списке pgsql-hackers по дате отправления: