Thread: SECURITY

SECURITY

From
ivan
Date:

Why, when I create a user and create a database for this user, can he
connect to my other databases (not only his own) and create tables there,
etc.?
He cannot select, delete, etc., but he can create something and then drop
it. Can this be a bug?




Re: SECURITY

From
Sean Chittenden
Date:
> Why, when I create a user and create a database for this user, can he
> connect to my other databases (not only his own) and create tables
> there, etc.?  He cannot select, delete, etc., but he can create
> something and then drop it. Can this be a bug?

Nope.  You need to remove access to the public schema if you want to
prevent this.

REVOKE USAGE ON SCHEMA public FROM PUBLIC;

It also might be wise for you to look at the pg_hba.conf and make use
of the samegroup directive.  -sc


PS <feature_request>It'd be really slick if there was a database,
   user, and method type that'd be pgsql or some such and would allow
   the DBA to configure what users get access to what tables _inside_
   of the database via a system catalog, leaving pg_hba.conf as an all
   else fails last resort mechanism used in recovery or
   bootstrapping.</feature_request>

--
Sean Chittenden

Re: SECURITY

From
Bruno Wolff III
Date:
On Wed, May 21, 2003 at 20:18:03 +0200,
  ivan <ivan@psycho.pl> wrote:
>
>
> Why, when I create a user and create a database for this user, can he
> connect to my other databases (not only his own) and create tables there,
> etc.?
> He cannot select, delete, etc., but he can create something and then drop
> it. Can this be a bug?

In 7.2 and higher you can control this (being able to connect to a database)
in pg_hba.conf by setting up per user per database rules for authentication
methods.

As an alternative in 7.3 and higher you can control being able to create
objects in a database. To prevent creation of schemas and temporary tables
issue:
REVOKE ALL ON DATABASE database_name FROM PUBLIC;

The PUBLIC schema allows object creation by default. To prevent people
from creating objects there issue:
REVOKE CREATE ON SCHEMA PUBLIC FROM PUBLIC;
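
The two REVOKE statements from this reply, applied end to end and then checked, as an added example that is not part of the original thread. The names app_user, app_db and other_db are constructed, and the script assumes a psql superuser session on a PostgreSQL release that has the CONNECT database privilege and the has_database_privilege() / has_schema_privilege() functions.

```sql
-- Added example, not from the thread. Constructed names: app_user, app_db,
-- other_db (other_db stands in for a database that already exists).
-- Run in psql as a superuser.

CREATE DATABASE other_db;
CREATE ROLE app_user LOGIN;

-- New databases are copied from template1, so lock down its public schema
-- first; databases created afterwards inherit the restriction.
\connect template1
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The user's own database. Owning the database does not imply CREATE on
-- its public schema, so grant that back explicitly.
CREATE DATABASE app_db OWNER app_user;
\connect app_db
GRANT CREATE ON SCHEMA public TO app_user;

-- Database level: PUBLIC loses CONNECT, CREATE (schemas) and TEMPORARY
-- on the database the user should not touch.
REVOKE ALL ON DATABASE other_db FROM PUBLIC;

-- Schema privileges are stored per database, so the schema-level REVOKE
-- has to be issued while connected to each existing database.
\connect other_db
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Check the effective privileges of app_user on other_db.
-- Every column should come back false.
SELECT has_database_privilege('app_user', 'other_db', 'CONNECT')   AS can_connect,
       has_database_privilege('app_user', 'other_db', 'CREATE')    AS can_create_schema,
       has_database_privilege('app_user', 'other_db', 'TEMPORARY') AS can_create_temp,
       has_schema_privilege('app_user', 'public', 'CREATE')        AS can_create_in_public;

-- Check that the owner can still work in app_db.
\connect app_db
SELECT has_database_privilege('app_user', 'app_db', 'CONNECT') AS can_connect,
       has_schema_privilege('app_user', 'public', 'CREATE')    AS can_create_in_public;
```

Roles that relied on the PUBLIC default lose access to other_db as well, so grant CONNECT back explicitly to each role that needs it.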

Re: SECURITY

From
"A.Bhuvaneswaran"
Date:
> Why, when I create a user and create a database for this user, can he
> connect to my other databases (not only his own) and create tables there,
> etc.?
> He cannot select, delete, etc., but he can create something and then drop
> it. Can this be a bug?

It need not be a bug. As and when you create a database, you are able to
revoke permissions to the database from other users. If you do that, no
other users would be able to access the database. Refer to the REVOKE
command for details.

regards,
bhuvaneswaran