Discussion: User administration tool
[ Replies set to hackers.]

I have started coding a user/group administration tool that allows you
to add/modify/delete users and groups. I should have something working
in a week. It will look similar to my pgmonitor tool.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

> I have started coding a user/group administration tool that allows you
> to add/modify/delete users and groups. I should have something working
> in a week. It will look similar to my pgmonitor tool.
>

Semi related to this, I have always thought that the way postgresql
handles the deletion of users and groups to be flawed. If I create a user,
grant permissions on a table and then drop the user, permissions now exist
on that table for a user that does not exist.

I see this as a possible security flaw since a new user can then be
created with the user id of the ID user and have all the permissions
that might have ever been assigned to that old user.

When a user is deleted, shouldn't all permissions associated with that
user be deleted also? I would think this could be handled with a PK/FK
cascading delete type setup.

my 2¢

Matt O'Connor

Matthew writes:

> semi related to this, I have always thought that the way postgresql
> handles the deletion of users and groups to be flawed. If I create a user,
> grant permissions on a table and then drop the user, permissions now exist
> on that table for a user that does not exist.

Unfortunately it is not possible to prevent this with anything approaching
ease, in the same way that userdel on Unix can't scan all file systems for
some to-be-stale files before removing users.

> I see this as a possible security flaw since a new user can then be
> created with the user id of the ID user and have all the permissions
> that might have ever been assigned to that old user.

This will be fixed in 7.2 when Oids will be used as user ids. Of course
Oids can wrap, but that's another day's project...

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/

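An added example, not part of any message in this thread and not PostgreSQL code: a constructed Python model of the behavior discussed above, where grants are stored by numeric user id, showing the stale entry, its inheritance through id reuse, and the cascading cleanup Matthew proposes. The Catalog class, its id allocation rule (highest existing id plus one) and the sample names are assumptions made for illustration.

```python
# Constructed model, not PostgreSQL code: grants are stored by numeric user id.
class Catalog:
    def __init__(self):
        self.users = {}  # user name -> numeric user id
        self.acls = {}   # table name -> {user id: set of privileges}

    def create_user(self, name, sysid=None):
        # Assumption: ids default to highest existing id + 1, starting at 100.
        if sysid is None:
            sysid = max(self.users.values(), default=99) + 1
        if sysid in self.users.values():
            raise ValueError("user id already in use")
        self.users[name] = sysid
        return sysid

    def grant(self, table, name, privilege):
        entries = self.acls.setdefault(table, {})
        entries.setdefault(self.users[name], set()).add(privilege)

    def drop_user(self, name, cascade=False):
        sysid = self.users.pop(name)
        if cascade:
            # Cleanup proposed in the thread: grants are removed with the user.
            for entries in self.acls.values():
                entries.pop(sysid, None)

    def privileges(self, table, name):
        return set(self.acls.get(table, {}).get(self.users[name], ()))

    def orphaned_entries(self):
        # Audit check: ACL entries whose user id matches no existing user.
        live = set(self.users.values())
        return sorted((table, uid) for table, entries in self.acls.items()
                      for uid in entries if uid not in live)


def scenario(cascade):
    """Grant to one user, drop it, then create an unrelated user."""
    cat = Catalog()
    cat.create_user("olduser")                  # receives id 100
    cat.grant("payroll", "olduser", "SELECT")
    cat.drop_user("olduser", cascade=cascade)
    orphans = cat.orphaned_entries()            # what an audit sees after the drop
    new_id = cat.create_user("newuser")         # id 100 is free again and reused
    return orphans, new_id, cat.privileges("payroll", "newuser")


if __name__ == "__main__":
    print("plain drop:  ", scenario(cascade=False))
    print("cascade drop:", scenario(cascade=True))
```
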
Bruce Momjian writes:

> I have started coding a user/group administration tool that allows you
> to add/modify/delete users and groups. I should have something working
> in a week. It will look similar to my pgmonitor tool.

Pgaccess already does part of this. If you're going to write it in Tcl/Tk
anyway, I think you might as well integrate it there.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/

> Bruce Momjian writes:
>
> > I have started coding a user/group administration tool that allows you
> > to add/modify/delete users and groups. I should have something working
> > in a week. It will look similar to my pgmonitor tool.
>
> Pgaccess already does part of this. If you're going to write it in Tcl/Tk
> anyway, I think you might as well integrate it there.

Wow, I see. I never suspected it did that too. :-) Seems I don't need
to write anything, except perhaps add group capabilities to pgaccess.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

On Fri, Mar 30, 2001 at 10:48:54AM -0500, Bruce Momjian wrote:
> > Bruce Momjian writes:
> >
> > > I have started coding a user/group administration tool that allows you
> > > to add/modify/delete users and groups. I should have something working
> > > in a week. It will look similar to my pgmonitor tool.
> >
> > Pgaccess already does part of this. If you're going to write it in Tcl/Tk
> > anyway, I think you might as well integrate it there.
>
> Wow, I see. I never suspected it did that too. :-) Seems I don't need
> to write anything, except perhaps add group capabilities to pgaccess.

Isn't phpPgAdmin yet another tool of this type? I haven't tried it
myself (no need, myself being the only user...), but the web page
(http://www.greatbridge.org/project/phppgadmin/projdisplay.php) says:

Features include:

* create and drop databases
* create, copy, drop and alter tables/views/sequences/functions/indices/triggers
* edit and add fields (to the extent Postgres allows)
* execute any SQL-statement, even batch-queries
* manage primary and unique keys
* create and read dumps of tables
* administer one single database
* administer multiple servers
* administer postgres users and groups

Greetinx, Jan

--
+- Jan T. Kim -------------------------------------------------------+
|  *NEW* -->  email: kim@inb.mu-luebeck.de                           |
|  *NEW* -->  WWW:   http://www.inb.mu-luebeck.de/staff/kim.html     |
*-----=<  hierarchical systems are for files, not for humans  >=-----*