Re: [HACKERS] Postgres acl (fwd)
Marc G. Fournier <scrappy@hub.org>
From: The Hermit Hacker <scrappy@hub.org>
To: Bruce Momjian <maillist@candle.pha.pa.us>
Cc: kwitten@qdt.com, hackers@postgreSQL.org
Date: 1998-01-06T18:47:17Z
Lists: pgsql-hackers
On Tue, 6 Jan 1998, Bruce Momjian wrote:

> >
> > On Tue, 6 Jan 1998, Bruce Momjian wrote:
> >
> > > Can someone who has permission to create databases be trusted not to
> > > delete others? If we say no, how do we make sure they can change
> > > pg_database rows on only databases that they own?
> >
> > deleting a database is accomplished using 'drop database', no?
> > Can the code for that not be modified to see whether the person dropping
> > the database is the person that owns it *or* pgsuperuser?
>
> It already does the check, but issues an SQL from the C code to delete
> from pg_database. I believe any user who can create a database can
> issue the same SQL command from psql, bypassing the drop database
> checks, no?

Okay, I understand what you mean here...so I guess the next question is should system tables be directly modifiable by non-superuser?

For instance, we have a 'drop database' SQL command...can we restrict 'delete from pg_database' to just superuser, while leaving 'drop database' open to those with createdb privileges?

Same with 'create user', and, possibly, a 'create group' command instead of 'insert into pg_group'?