Re: Giving postgres roles 'sudo'-like access

From: Mario Splivalo <mario(dot)splivalo(at)megafon(dot)hr>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Giving postgres roles 'sudo'-like access
Date: 2011-12-20 08:14:25
Message-ID: 4EF043E1.4010808@megafon.hr
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On 12/19/2011 07:46 PM, Craig James wrote:
> Backend Postgres processes run as the Postgres user, so they have
> permission to kill each other. You write an add-on function that just
> kills a process:
>
> select my_kill_backend(pid);
>
> Naturally, this is very dangerous. There are all sorts of security
> implications. You want to use signal 2 or 15, not 9. And so forth.

That 'my_kill_backend' actually calls kill, not pg_cancel/terminate_backend?

I'm thinking into creating this function, and granting particular role
access to it, and then make sure, in the function, that it can kill only
processes 'owned' by that role.

Mario

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Greg Smith 2011-12-20 13:49:28 Re: Giving postgres roles 'sudo'-like access
Previous Message Lukasz Brodziak 2011-12-19 22:01:13 Re: information_schema.tables view does not exist