(My apologies if this has been posted before - as you'll see, this isn't
the easiest thing to find in the archives.)
The scenario: We want to allow common users access to their own databases
for development.
The issue: As a user (not a superuser), I can modify any database on the
system, albeit only through CREATE TABLE.
CREATE USER myuser WITH PASSWORD 'blah' CREATEDB;
psql template1 -h db -U myuser
(password auth)
template1 => CREATE DATABASE myuser;
(re-auth as user postgres, drop createdb privs)
ALTER USER myuser NOCREATEDB;
Now, we connect to our database (myuser) as myuser and go about our
business. However, I can connect to any other database I've got access to
through pg_hba.conf:
psql somedb -h db -U myuser
(password auth)
somedb => \d
I can't modify/etc. any existing tables, as one would expect, but:
somedb=> CREATE TABLE mytable(test text);
CREATE
Why is this allowed? Any way to prevent it? We've got a lot of users
working on a development server that obviously has hba to quite a few
databases...
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivytech.edu