Skip site navigation (1) Skip section navigation (2)

Fwd: createdb but revoke dropdb

From: Ben Eliott <ben(dot)apperrors(at)googlemail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Fwd: createdb but revoke dropdb
Date: 2010-03-03 09:07:40
Message-ID: AFAD42C9-8B78-48A1-AB27-6287AEA809A4@googlemail.com (view raw or flat)
Thread:
Lists: pgsql-general
Sleep often seems a better problem solver than thinking. Create  
databases ahead of time and assign at the appropriate time.

Begin forwarded message:

> From: Ben Eliott <ben(dot)apperrors(at)googlemail(dot)com>
> Date: 2 March 2010 18:22:17 GMT
> To: pgsql-general(at)postgresql(dot)org
> Subject: createdb but revoke dropdb
>
> Hi,
> In using 8.3. I'm trying to set up programmatic database creation  
> but is there a way that the user creating the databases can be  
> restricting from dropping them?
>
> I have two roles, 'adminuser' with createdb permission, and 'dbuser'  
> a user with CRUD privileges.
>
> adminuser is a member of the dbuser role, this seems to allow  
> adminuser to createdb databases for dbuser with:
> createdb -U adminuser -O dbuser  new_database_name
> Adding .pgpass to the linux user's home directory allows createdb to  
> work without additional user input.
>
> But now it seems the linux user also has dropdb privileges. How can  
> i restrict this?
> Perhaps there is a recommended method to disable dropdb? Can anyone  
> suggest?
>
> The adminuser has no login privileges so by removing dropdb this  
> should remove the possibility for any hacker chaos other than  
> creating more databases?
>
> Thanks in advance for any advice,
> Ben
>

In response to

pgsql-general by date

Next:From: Richard HuxtonDate: 2010-03-03 09:17:11
Subject: Re: createdb but revoke dropdb
Previous:From: Albe LaurenzDate: 2010-03-03 08:11:00
Subject: Re: [GENERAL] to_timestamp() and quarters

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group