Re: How to revoke privileged from PostgreSQL's superuser

On Wed, Aug 15, 2018 at 03:03:41PM -0600, Scott Ribe wrote:
> > On Aug 15, 2018, at 2:57 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >
> > On Wed, Aug 15, 2018 at 01:52:43PM -0700, Evan Rempel wrote:
> >> There are just a ton of configuration elements that the DBAs need
> >> to decide on and implement that require configuration of components
> >> that are outside of the database proper.
> >>
> >> It was a worthwhile discussion. One needs to trust the data
> >> stewards.
> >
> > Agreed. I just wish it had a more positive outcome. ;-)
>
> Well, it probably elucidated the issues enough that an expert in
> SELinux could configure a server such that DBAs could not disable
> logging. Of course, you still have to trust somebody with that
> configuration, but it is possible to separate responsibilities if you
> work hard enough at it.

Well, since the superuser can start the server with whatever arguments
they want, I am not sure how SELinux would help here.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +