| From: | Steve Atkins <steve(at)blighty(dot)com> |
|---|---|
| To: | pgsql-general General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Restrict allowed database names? |
| Date: | 2010-03-21 01:25:18 |
| Message-ID: | 67CBB2E6-98EC-4798-B18E-88417F08CADC@blighty.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mar 20, 2010, at 2:24 PM, Adam Seering wrote:
> Hi,
> I'm trying to set up an internal general-purpose PostgreSQL server installation. I want most users with login access to the server to be able to create databases, but only with names that follow a specified naming convention (in particular, approximately "is prefixed with the owner's username"). A subset of administrative users can create users with any name. The goal is to let users create arbitrary databases, but to force them to get approval for names that someone else (or some other service) might conceivably want.
>
> Is there any way to enforce this within PostgreSQL? Maybe something like a trigger on CREATE DATABASE, if that's possible?
I don't think so.
There are several other ways you could do it, though.
Put a wrapper script around createdb that "refuses" to create a database named outside of your naming strategy and trust your users not to work around it.
The same, but add a cron job that'll drop any badly named database every hour or so.
Don't grant any normal database users createdb privs at all, instead requiring them to use an external tool to create databases. Have that tool - whether it be a cgi script or something suid, or some other hack - use a privileged user to create the database.
Cheers,
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | AI Rumman | 2010-03-21 05:25:52 | like operation in tsearch |
| Previous Message | Scott Mead | 2010-03-21 01:01:27 | Re: Restrict allowed database names? |