RE: Alternate database locations

From Tauren Mills
Subject RE: Alternate database locations
Msg-id NBBBLBKDJMGDNPMDGAABEEMFADAB.tauren@servlets.net
In response to Re: Alternate database locations  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Alternate database locations  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin

Thanks for the feedback!

> >> However, this page indicates that there are security risks in doing this.
> >> What are those risks?  If I prevent users other than the superuser
> >> "postgres" from being able to create and drop databases, are there any
> >> security risks?
>
> > No.  The risks are related to the fact that non-superusers can also be
> > allowed to create databases.
>
> If the user's DB area is in his home directory, then he can presumably
> rename it, leading to nasty problems when operations like CHECKPOINT try
> to write to files in it.  At the very least you'd have potential for
> denial of service to all the other users.

OK, this makes sense.  In the user's home directory, I was going to create a
directory called something like ".db".  It would be owned by postgres:root
and have 700 permissions.  Within it would be the "base" directory as
postgres:postgres and 700.

This is very similar to the way that we deploy MySQL.  But this does still
allow the user to change the directory name.  With MySQL, it would just
cause their database to not work; it wouldn't cause problems with the
server.  It sounds like this is not a good idea with PostgreSQL.

Is there any way to keep each customer's database within their user area
without the chance of breaking the database server?

> >> Lastly, I've even tried creating a database normally, then moving it to the
> >> user's area and creating a symlink to it.  But this didn't seem to work.
>
> > It should, since that is what the "official" mechanisms do as well.
>
> Yes, I'd have thought that would work.  Define "didn't seem to work",
> please.

Based on what you said, I went back and tried it again.  It "seems to work"
correctly now.  I think I must not have had the proper permissions set the
first time I tried it.

Even though this is exactly the solution I was looking for, I'm now
reluctant to use it since a user could break things by simply changing a
directory name.  I guess I'll have to keep the databases separate from the
user's home area.

Thanks,
Tauren
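
An added example, not part of the original message or of PostgreSQL: a check for the rename risk discussed in this thread. It walks a database location and reports every directory in which an account other than the trusted ones could rename the next path component. The function `rename_risks` and its parameters `trusted_uids` and `start` are hypothetical names, and standard POSIX directory permission semantics are assumed.

```python
import os
import stat

def rename_risks(db_path, trusted_uids, start="/"):
    """Walk from `start` down to `db_path`; return (directory, reason) for every
    directory in which an account outside `trusted_uids` could rename the next
    path component. Renaming an entry needs write permission on its parent,
    so the owner and mode of the entry itself do not protect it."""
    start = os.path.abspath(start)
    rel = os.path.relpath(os.path.abspath(db_path), start)
    findings, parent = [], start
    for name in rel.split(os.sep):
        child = os.path.join(parent, name)
        pst = os.stat(parent)    # the directory that holds the entry
        cst = os.lstat(child)    # the entry that could be renamed
        if pst.st_uid not in trusted_uids:
            findings.append((parent, "owned by uid %d" % pst.st_uid))
        elif pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Sticky bit: only the entry's owner, the directory owner or root
            # may rename the entry.
            if not pst.st_mode & stat.S_ISVTX:
                findings.append((parent, "group/world-writable, no sticky bit"))
            elif cst.st_uid not in trusted_uids:
                findings.append((parent, "sticky, but %s owned by uid %d"
                                 % (name, cst.st_uid)))
        parent = child
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed layout from the post: <home>/.db/base with mode 700 on both.
    # The current uid stands in for "postgres"; a world-writable <home> stands
    # in for a home directory the customer can write to.
    with tempfile.TemporaryDirectory() as home:
        base = os.path.join(home, ".db", "base")
        os.makedirs(base)
        os.chmod(os.path.join(home, ".db"), 0o700)
        os.chmod(base, 0o700)
        os.chmod(home, 0o777)
        print(rename_risks(base, {os.getuid()}, start=home))
        os.chmod(home, 0o700)  # restore so cleanup succeeds
```

On a real server, `trusted_uids` would hold the uid of root and of the account the database server runs as, and `start` would stay at `/`.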

