Re: Alternate database locations

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Alternate database locations
Дата
Msg-id 29453.991664104@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Alternate database locations  (Peter Eisentraut <peter_e@gmx.net>)
Ответы RE: Alternate database locations  ("Tauren Mills" <tauren@servlets.net>)
Список pgsql-admin
Peter Eisentraut <peter_e@gmx.net> writes:
>> However, this page indicates that there are security risks in doing this.
>> What are those risks?  If I prevent users other than the superuser
>> "postgres" from being able to create and drop databases, are there any
>> security risks?

> No.  The risks are related to the fact that non-superusers can also be
> allowed to create databases.

If the user's DB area is in his home directory, then he can presumably
rename it, leading to nasty problems when operations like CHECKPOINT try
to write to files in it.  At the very least you'd have potential for
denial of service to all the other users.

>> Lastly, I've even tried creating a database normally, then moving it to the
>> user's area and creating a symlink to it.  But this didn't seem to work.

> It should, since that is what the "official" mechanisms do as well.

Yes, I'd have thought that would work.  Define "didn't seem to work",
please.

            regards, tom lane

В списке pgsql-admin по дате отправления:

Предыдущее
От: Peter Eisentraut
Дата:
Сообщение: Re: Alternate database locations
Следующее
От: Lee Kwok Shing
Дата:
Сообщение: Re: System hangs when Insert/Update