From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Scott Ribe <scott_ribe(at)elevated-dev(dot)com> |
Cc: | Evan Rempel <erempel(at)uvic(dot)ca>, pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: How to revoke privileged from PostgreSQL's superuser |
Date: | 2018-08-15 21:09:26 |
Message-ID: | 20180815210926.GD5005@momjian.us |
Lists: | pgsql-admin pgsql-general |
On Wed, Aug 15, 2018 at 03:03:41PM -0600, Scott Ribe wrote:
> > On Aug 15, 2018, at 2:57 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >
> > On Wed, Aug 15, 2018 at 01:52:43PM -0700, Evan Rempel wrote:
> >> There are just a ton of configuration elements that the DBAs need
> >> to decide on and implement that require configuration of components
> >> that are outside of the database proper.
> >>
> >> It was a worthwhile discussion. One needs to trust the data
> >> stewards.
> >
> > Agreed. I just wish it had a more positive outcome. ;-)
>
> Well, it probably elucidated the issues enough that an expert in
> SELinux could configure a server such that DBAs could not disable
> logging. Of course, you still have to trust somebody with that
> configuration, but it is possible to separate responsibilities if you
> work hard enough at it.

Well, since the superuser can start the server with whatever arguments
they want, I am not sure how SELinux would help here.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
From | Date | Subject | |
---|---|---|---|
Next Message | Scott Ribe | 2018-08-15 21:16:28 | Re: How to revoke privileged from PostgreSQL's superuser |
Previous Message | Scott Ribe | 2018-08-15 21:03:41 | Re: How to revoke privileged from PostgreSQL's superuser |