Sleep often seems a better problem solver than thinking. Create  
databases ahead of time and assign at the appropriate time.

Begin forwarded message:

> From: Ben Eliott <ben(dot)apperrors(at)googlemail(dot)com>
> Date: 2 March 2010 18:22:17 GMT
> To: pgsql-general(at)postgresql(dot)org
> Subject: createdb but revoke dropdb
>
> Hi,
> In using 8.3. I'm trying to set up programmatic database creation  
> but is there a way that the user creating the databases can be  
> restricting from dropping them?
>
> I have two roles, 'adminuser' with createdb permission, and 'dbuser'  
> a user with CRUD privileges.
>
> adminuser is a member of the dbuser role, this seems to allow  
> adminuser to createdb databases for dbuser with:
> createdb -U adminuser -O dbuser  new_database_name
> Adding .pgpass to the linux user's home directory allows createdb to  
> work without additional user input.
>
> But now it seems the linux user also has dropdb privileges. How can  
> i restrict this?
> Perhaps there is a recommended method to disable dropdb? Can anyone  
> suggest?
>
> The adminuser has no login privileges so by removing dropdb this  
> should remove the possibility for any hacker chaos other than  
> creating more databases?
>
> Thanks in advance for any advice,
> Ben
>

In response to

• createdb but revoke dropdb at 2010-03-02 18:22:17 from Ben Eliott

pgsql-general by date

Next:	From: Richard Huxton	Date: 2010-03-03 09:17:11
	Subject: Re: createdb but revoke dropdb
Previous:	From: Albe Laurenz	Date: 2010-03-03 08:11:00
	Subject: Re: [GENERAL] to_timestamp() and quarters