RE: Alternate database locations

From: "Tauren Mills" <tauren(at)servlets(dot)net>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>
Cc: <pgsql-admin(at)postgresql(dot)org>
Subject: RE: Alternate database locations
Date: 2001-06-04 20:27:04
Message-ID: NBBBLBKDJMGDNPMDGAABEEMFADAB.tauren@servlets.net
Lists: pgsql-admin pgsql-general

Thanks for the feedback!

> >> However, this page indicates that there are security risks in doing this.
> >> What are those risks? If I prevent users other than the superuser
> >> "postgres" from being able to create and drop databases, are there any
> >> security risks?
>
> > No. The risks are related to the fact that non-superusers can also be
> > allowed to create databases.
>
> If the user's DB area is in his home directory, then he can presumably
> rename it, leading to nasty problems when operations like CHECKPOINT try
> to write to files in it. At the very least you'd have potential for
> denial of service to all the other users.

OK, this makes sense. In the user's home directory, I was going to create a
directory called something like ".db". It would be owned by postgres:root
and have 700 permissions. Within it would be the "base" directory as
postgres:postgres and 700.

This is very similar to the way that we deploy MySQL. But this does still
allow the user to change the directory name. With MySQL, it would just
cause their database to not work; it wouldn't cause problems with the
server. It sounds like this is not a good idea with PostgreSQL.

Is there any way to keep each customer's database within their user area
without the chance of breaking the database server?

> >> Lastly, I've even tried creating a database normally, then moving it to the
> >> user's area and creating a symlink to it. But this didn't seem to work.
>
> > It should, since that is what the "official" mechanisms do as well.
>
> Yes, I'd have thought that would work. Define "didn't seem to work",
> please.

Based on what you said, I went back and tried it again. It "seems to work"
correctly now. I think I must not have had the proper permissions set the
first time I tried it.

Even though this is exactly the solution I was looking for, I'm now
reluctant to use it since a user could break things by simply changing a
directory name. I guess I'll have to keep the databases separate from the
user's home area.

Thanks,
Tauren
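
The rename problem discussed above comes from the fact that renaming a directory entry is governed by write permission on the parent directory, not by the owner or mode of the entry itself. The following is an added example, not part of the original message or of PostgreSQL: a small audit that walks the ancestors of a database location and reports every directory in which an untrusted account could rename the entry below it. The function names, the temporary layout and the ".moved" name are constructed for illustration.

```python
import os
import stat
import tempfile

def rename_exposure(path, trusted_uids, stop_at):
    """List (directory, reason) for each ancestor of `path`, up to `stop_at`,
    where an account outside `trusted_uids` may rename the entry below it."""
    findings = []
    child, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    while child != stop_at:
        parent = os.path.dirname(child)
        if parent == child:
            raise ValueError("stop_at is not an ancestor of path")
        pst, cst = os.stat(parent), os.lstat(child)
        # In a sticky directory, only the entry's owner or the directory's
        # owner may rename the entry.
        sticky_ok = bool(pst.st_mode & stat.S_ISVTX) and cst.st_uid in trusted_uids
        if pst.st_uid not in trusted_uids:
            findings.append((parent, "owner uid %d is not trusted" % pst.st_uid))
        elif pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_ok:
            # Conservative: group write is flagged even if the group is trusted.
            findings.append((parent, "group- or world-writable"))
        child = parent
    return findings

def demo():
    """Constructed layout <tmp>/home/customer/.db/base, as in the thread."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "home", "customer")
    dbdir = os.path.join(home, ".db")
    base = os.path.join(dbdir, "base")
    os.makedirs(base)
    for d, mode in ((os.path.dirname(home), 0o755), (dbdir, 0o700), (base, 0o700)):
        os.chmod(d, mode)
    # chown needs root, so the customer's control of the home directory is
    # modelled here by making it world-writable.
    os.chmod(home, 0o777)
    trusted = {os.getuid()}
    exposed = rename_exposure(base, trusted, root)
    # The rename needs write access to the parent only; .db's 0700 is irrelevant.
    moved = os.path.join(home, ".moved")
    os.rename(dbdir, moved)
    old_path_alive = os.path.isdir(base)
    os.chmod(home, 0o755)  # parent now writable only by the trusted owner
    fixed = rename_exposure(os.path.join(moved, "base"), trusted, root)
    return exposed, old_path_alive, fixed

if __name__ == "__main__":
    print(demo())
```

On a real server the trusted set would hold the uids of root and the postgres account, and stop_at would be "/".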
