| From: | Stijn Hoop <stijn(at)win(dot)tue(dot)nl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | revoke on database not working as expected |
| Date: | 2005-08-29 13:55:20 |
| Message-ID: | 20050829135520.GS67999@pcwin002.win.tue.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
I'm running into a setup problem (I guess) while trying to prevent a
user from creating tables in a database.
The setup is a FreeBSD 5.4 database server accessed from a FreeBSD 6.0
development box, both running PostgreSQL 8.0.3.
This is what I have configured on the database server (firsa):
%%%
[pgsql(at)firsa] </net/postgresql> tail pg_hba.conf
local all @users md5
host all @users 127.0.0.1/32 md5
host all @users 192.168.1.0/24 md5
local privtest testpriv md5
host privtest testpriv 127.0.0.1/32 md5
host privtest testpriv 192.168.1.0/24 md5
[pgsql(at)firsa] </net/postgresql> cat users
stijn
%%%
This is what I do on the dev box (tangaloor):
%%%
[stijn(at)tangaloor] <~> host tangaloor
tangaloor.lzee.sandcat.nl has address 192.168.1.105
[stijn(at)tangaloor] <~> psql -U stijn -h firsa template1
Password:
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.
template1=# \du
List of users
User name | User ID | Attributes | Groups
-----------+---------+----------------------------+--------
pgsql | 1 | superuser, create database |
stijn | 100 | superuser, create database |
template1=# create database privtest;
CREATE DATABASE
template1=# create user testpriv password 'password';
CREATE USER
template1=# \c privtest testpriv
Password:
You are now connected to database "privtest" as user "testpriv".
privtest=> create table foo (i varchar(40));
CREATE TABLE
privtest=> \c template1 stijn
Password:
You are now connected to database "template1" as user "stijn".
template1=# revoke all on database privtest from testpriv;
REVOKE
template1=# \c privtest testpriv
Password:
You are now connected to database "privtest" as user "testpriv".
privtest=> create table bar (i varchar(40));
CREATE TABLE
%%%
My question is: why can I still create table 'bar', in a database that
was not created by user 'testpriv', having explicitly revoked all
privileges on that database by a superuser?
What access credential am I missing? I've searched the handbook but all
it says is 'use \z in psql to view privileges' and that doesn't list
general database privileges.
Thanks for any clues. Please CC me as I'm not subscribed.
--Stijn
--
The right half of the brain controls the left half of the body. This means
that only left handed people are in their right mind.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-08-29 13:56:31 | Re: Planner create a slow plan without an available index |
| Previous Message | Ben-Nes Yonatan | 2005-08-29 11:13:06 | Planner create a slow plan without an available index |