| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Guillaume LELARGE <guillaume(dot)lelarge(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Something I don't understand with the use of schemas |
| Date: | 2005-12-10 18:47:32 |
| Message-ID: | 20051210184732.GB25744@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Dec 10, 2005 at 14:25:46 -0300,
Alvaro Herrera <alvherre(at)commandprompt(dot)com> wrote:
> Joshua D. Drake wrote:
> >
> > >However there is an effort to get rid of root in some Unix lands,
> > >separating its responsabilities with more granularity. Maybe there
> > >could be an effort, not to hand-hold the true superusers, but to
> > >delegate some of its responsabilities to other users.
> >
> > Like sudo?
>
> I was thinking in the thing called "capabilities".
Note that the linux 'capabilities' is not the same thing as 'capabilities'
is to some security researchers. To them a capability is sort of like a
file handle, and you can't do anything with an object until you get a file
handle to it. If you want to give some one else access to something you
have access to, you give them a copy of the file handle you hold. Doing things
this way simplifies some aspects of designing secure systems.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2005-12-10 19:37:59 | Re: Log of CREATE USER statement |
| Previous Message | Joshua D. Drake | 2005-12-10 18:22:07 | Re: Something I don't understand with the use of schemas |