backup and permissions
From | Fernando Moreno |
---|---|
Subject | backup and permissions |
Date | |
Msg-id | b1c45530811131630u254ca21bv1468b07403626b9e@mail.gmail.com |
Replies | Re: backup and permissions |
List | pgsql-general |
Hi, I'm working on a little backup utility for a desktop application. It's going to execute pg_dumpall (-r) and pg_dump, but first I have to deal with the permissions needed to do that:
1. Users (pgsql roles) enabled to backup would be superusers all the time. This sounds insecure.
2. Users will get superuser access through a security definer function just before the backup, then they'll be nosuperuser again. An interrupted backup process would be dangerous, but I could check whether or not this clause is enabled, every time a user connects. Still risky.
3. Users will just be able to read every object in the database, and pg_authid. I've done some tests and this seems enough.
I need some advice to choose the better/safer option, what would you do?
Thanks in advance.
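
The following is an added example, not part of the original message: option 3 written out as a read-only backup role, followed by the superuser check mentioned in option 2. The role name `backup_reader`, the database `app_db` and the schema `public` are assumptions, and the statements require PostgreSQL 9.0 or later.

```sql
-- Added example; backup_reader, app_db and public are hypothetical names.
-- Run as a superuser while connected to the database that will be dumped.

-- Option 3: a login role with no administrative attributes.
CREATE ROLE backup_reader NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN;

-- Read access to existing objects.
GRANT CONNECT ON DATABASE app_db TO backup_reader;
GRANT USAGE ON SCHEMA public TO backup_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO backup_reader;
-- pg_dump reads the current value of each sequence.
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO backup_reader;

-- Tables and sequences created later by the role running these
-- statements are readable too; repeat with FOR ROLE for other owners.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO backup_reader;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON SEQUENCES TO backup_reader;

-- pg_dumpall -r reads pg_authid, which stores every role's password hash.
-- With this grant, anyone who can log in as backup_reader can read them.
GRANT SELECT ON pg_catalog.pg_authid TO backup_reader;

-- Option 2's check: list the roles that currently hold superuser, so a
-- role left elevated by an interrupted backup is visible.
SELECT rolname
FROM pg_catalog.pg_roles
WHERE rolsuper
ORDER BY rolname;
```

On PostgreSQL 10 and later, `pg_dumpall --no-role-passwords` reads `pg_roles` instead of `pg_authid`, so the last grant can be omitted at the cost of restoring roles without passwords.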