| From: | Ben Eliott <ben(dot)apperrors(at)googlemail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Fwd: createdb but revoke dropdb |
| Date: | 2010-03-03 09:07:40 |
| Message-ID: | AFAD42C9-8B78-48A1-AB27-6287AEA809A4@googlemail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Sleep often seems a better problem solver than thinking. Create
databases ahead of time and assign at the appropriate time.
Begin forwarded message:
> From: Ben Eliott <ben(dot)apperrors(at)googlemail(dot)com>
> Date: 2 March 2010 18:22:17 GMT
> To: pgsql-general(at)postgresql(dot)org
> Subject: createdb but revoke dropdb
>
> Hi,
> In using 8.3. I'm trying to set up programmatic database creation
> but is there a way that the user creating the databases can be
> restricting from dropping them?
>
> I have two roles, 'adminuser' with createdb permission, and 'dbuser'
> a user with CRUD privileges.
>
> adminuser is a member of the dbuser role, this seems to allow
> adminuser to createdb databases for dbuser with:
> createdb -U adminuser -O dbuser new_database_name
> Adding .pgpass to the linux user's home directory allows createdb to
> work without additional user input.
>
> But now it seems the linux user also has dropdb privileges. How can
> i restrict this?
> Perhaps there is a recommended method to disable dropdb? Can anyone
> suggest?
>
> The adminuser has no login privileges so by removing dropdb this
> should remove the possibility for any hacker chaos other than
> creating more databases?
>
> Thanks in advance for any advice,
> Ben
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2010-03-03 09:17:11 | Re: createdb but revoke dropdb |
| Previous Message | Albe Laurenz | 2010-03-03 08:11:00 | Re: [GENERAL] to_timestamp() and quarters |