Обсуждение: pg_user

hi

can we change initdb when view pg_user is createing to :

CREATE VIEW pg_user AS \   SELECT \       usename, \       usesysid, \       usecreatedb, \       usesuper, \
usecatupd,\       '********'::text as passwd, \       valuntil, \       useconfig \   FROM pg_shadow WHERE usename =
SESSION_USER;

?

ivan wrote:

> hi
> 
> can we change initdb when view pg_user is createing to :
> 
> CREATE VIEW pg_user AS \
>     SELECT \
>         usename, \
>         usesysid, \
>         usecreatedb, \
>         usesuper, \
>         usecatupd, \
>         '********'::text as passwd, \
>         valuntil, \
>         useconfig \
>     FROM pg_shadow WHERE usename = SESSION_USER;

No, at least not without a complete proposal how to retain the current 
behaviour of pg_tables, pg_views, psql's \d and other places that rely 
on pg_user being able to display all users.

It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will 
hide the usernames but break many utilities. If you don't want someone 
to know all the logins, don't give him one.


Jan

-- 
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #

you can also patch your kernel and when you write cat /etc/passwd system
give you only your line , whitout any others users, so exacly what you
need ,
in pgsql i think that users dont need to know about others , and also
them
databases, i call it security :)

On Mon, 27 Oct 2003, Jan Wieck wrote:

> ivan wrote:
>
> > hi
> >
> > can we change initdb when view pg_user is createing to :
> >
> > CREATE VIEW pg_user AS \
> >     SELECT \
> >         usename, \
> >         usesysid, \
> >         usecreatedb, \
> >         usesuper, \
> >         usecatupd, \
> >         '********'::text as passwd, \
> >         valuntil, \
> >         useconfig \
> >     FROM pg_shadow WHERE usename = SESSION_USER;
>
> No, at least not without a complete proposal how to retain the current
> behaviour of pg_tables, pg_views, psql's \d and other places that rely
> on pg_user being able to display all users.
>
> It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
> hide the usernames but break many utilities. If you don't want someone
> to know all the logins, don't give him one.
>
>
> Jan
>
> --
> #======================================================================#
> # It's easier to get forgiveness for being wrong than for being right. #
> # Let's break this rule - forgive me.                                  #
> #================================================== JanWieck@Yahoo.com #
>

rfc 1925 (see http://www.faqs.org/rfcs/rfc1925.html ) states:

"With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly overhead."

You can call it security if you like, but I call it trying to make a pig 
fly.

If you don't want your users to know about each other then put them on 
different clusters. Or if they need access to the same data then mediate 
access via a middle layer at the server end instead of allowing direct 
access to the database(s) - three layer models are very common for this 
and other reasons.

cheers

andrew


ivan wrote:

>you can also patch your kernel and when you write cat /etc/passwd system
>give you only your line , whitout any others users, so exacly what you
>need ,
>in pgsql i think that users dont need to know about others , and also
>them
>databases, i call it security :)
>
>On Mon, 27 Oct 2003, Jan Wieck wrote:
>
>  
>
>>ivan wrote:
>>
>>    
>>
>>>hi
>>>
>>>can we change initdb when view pg_user is createing to :
>>>
>>>CREATE VIEW pg_user AS \
>>>    SELECT \
>>>        usename, \
>>>        usesysid, \
>>>        usecreatedb, \
>>>        usesuper, \
>>>        usecatupd, \
>>>        '********'::text as passwd, \
>>>        valuntil, \
>>>        useconfig \
>>>    FROM pg_shadow WHERE usename = SESSION_USER;
>>>      
>>>
>>No, at least not without a complete proposal how to retain the current
>>behaviour of pg_tables, pg_views, psql's \d and other places that rely
>>on pg_user being able to display all users.
>>
>>It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
>>hide the usernames but break many utilities. If you don't want someone
>>to know all the logins, don't give him one.
>>
>>
>>Jan
>>
>>--
>>#======================================================================#
>># It's easier to get forgiveness for being wrong than for being right. #
>># Let's break this rule - forgive me.                                  #
>>#================================================== JanWieck@Yahoo.com #
>>
>>    
>>
>
>---------------------------(end of broadcast)---------------------------
>TIP 3: if posting/reading through Usenet, please send an appropriate
>      subscribe-nomail command to majordomo@postgresql.org so that your
>      message can get through to the mailing list cleanly
>
>  
>

On Thu, 30 Oct 2003, ivan wrote:

> 
> you can also patch your kernel and when you write cat /etc/passwd system
> give you only your line , whitout any others users, so exacly what you
> need ,
> in pgsql i think that users dont need to know about others , and also
> them
> databases, i call it security :)

technically, that's just obscurity.

ivan wrote:

> you can also patch your kernel and when you write cat /etc/passwd system
> give you only your line , whitout any others users, so exacly what you
> need ,
> in pgsql i think that users dont need to know about others , and also
> them
> databases, i call it security :)

No, it's not security, it is obscurity. The point is that this 
modification is not backward compatible and the only scenario I can 
imagine where it would be good to have this is for a hosting provider 
who want's to cram up multiple hosted databases under one postmaster.

I am not per se against such change. It never striked me as a good idea 
in general that we only have the one, shared pg_shadow catalog and all 
databases share all users. So I think what I try to say is ... back to 
the drawing board, because your initial solution is not acceptable.


Jan


> 
> On Mon, 27 Oct 2003, Jan Wieck wrote:
> 
>> ivan wrote:
>>
>> > hi
>> >
>> > can we change initdb when view pg_user is createing to :
>> >
>> > CREATE VIEW pg_user AS \
>> >     SELECT \
>> >         usename, \
>> >         usesysid, \
>> >         usecreatedb, \
>> >         usesuper, \
>> >         usecatupd, \
>> >         '********'::text as passwd, \
>> >         valuntil, \
>> >         useconfig \
>> >     FROM pg_shadow WHERE usename = SESSION_USER;
>>
>> No, at least not without a complete proposal how to retain the current
>> behaviour of pg_tables, pg_views, psql's \d and other places that rely
>> on pg_user being able to display all users.
>>
>> It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
>> hide the usernames but break many utilities. If you don't want someone
>> to know all the logins, don't give him one.
>>
>>
>> Jan
>>
>> --
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me.                                  #
>> #================================================== JanWieck@Yahoo.com #
>>


-- 
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #