Discussion: User privileges-verification required

User privileges-verification required

From
"Nauman Naeem"
Date:
Hello all,

While playing around with database users, I noticed one odd thing
regarding user privileges.

In case I have only one user in my database who is also the DBSystem
(who carries out initdb), user then if that user takes away his
"createuser" privileges, he is unable to grant himself that privilege
again or grant that privilege to any other user that he creates. This
creates quite a fix since you end up with no superusers, nor a way to
create any other superusers.

In my opinion we should cater for such a situation, and two possible
solutions come to my mind for this:

1. Place a restriction that there should be more than one superuser
before you can issue a "NOCREATEUSER" command.

2. Only the DBsystemuser should be allowed to grant and revoke the
"createuser" privileges.

Let me know what you all think.

Thanks,
Nauman


Re: User privileges-verification required

From
Peter Eisentraut
Date:
On Friday, 24 February 2006 14:25, Nauman Naeem wrote:
> In case I have only one user in my database who is also the DBSystem
> (who carries out initdb), user then if that user takes away his
> "createuser" privileges, he is unable to grant himself that privilege
> again or grant that privilege to any other user that he creates. This
> creates quite a fix since you end up with no superusers, nor a way to
> create any other superusers.

Shut down the server, start in single-user mode, then you can fix it.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/


Re: User privileges-verification required

From
"Nauman Naeem"
Date:
I tried the single-user mode option and it worked, thanks! But don't
you people think that we should provide this privilege in multi-user
mode as well? In accordance with my second point.

On 2/24/06, Peter Eisentraut <peter_e@gmx.net> wrote:
> On Friday, 24 February 2006 14:25, Nauman Naeem wrote:
> > In case I have only one user in my database who is also the DBSystem
> > (who carries out initdb), user then if that user takes away his
> > "createuser" privileges, he is unable to grant himself that privilege
> > again or grant that privilege to any other user that he creates. This
> > creates quite a fix since you end up with no superusers, nor a way to
> > create any other superusers.
>
> Shut down the server, start in single-user mode, then you can fix it.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>


Re: User privileges-verification required

From
Tom Lane
Date:
"Nauman Naeem" <nauman.naeem@gmail.com> writes:
> I tried the single-user mode option and it worked, thanks! But don't
> you people think that we should provide this privilege in multi-user
> mode as well? In accordance with my second point.

No.  Restricting what a superuser can do is pointless --- he can always
manage to shoot himself in the foot if he tries hard enough.  (Consider
eg "DELETE FROM pg_authid".)  Trying to fix it in the reverse direction
(re-establishing superuser after the last one's been deleted) has
obvious security issues.

The problem comes up sufficiently seldom that the single-user-mode
backdoor seems sufficient.
        regards, tom lane


Re: User privileges-verification required

From
Christopher Kings-Lynne
Date:
> In my opinion we should cater for such a situation, and two possible
> solutions come to my mind for this:

I've done exactly this before, and had to use single user mode to 
recover.  Annoying.

> 1. Place a restriction that there should be more than one superuser
> before you can issue a "NOCREATEUSER" command.

I agree :)

Chris



Re: User privileges-verification required

From
"Nauman Naeem"
Date:
Yeah it really was :-) BTW I have implemented this for multiuser-mode as well... Both the approaches as mentioned in my very first email...

1- The minimum super user count should not be less than 1.
2- Only the main database system owner is eligible to reassign.

My personal belief is, this minimum functionality should be a part of multiuser mode! I was oblivious of this and did initdb twice, maybe I am dumb :-)
 
Thanks,
Nauman
 
On 2/26/06, Christopher Kings-Lynne <chriskl@familyhealth.com.au> wrote:
> > In my opinion we should cater for such a situation, and two possible
> > solutions come to my mind for this:
>
> I've done exactly this before, and had to use single user mode to
> recover.  Annoying.
>
> > 1. Place a restriction that there should be more than one superuser
> > before you can issue a "NOCREATEUSER" command.
>
> I agree :)
>
> Chris
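
The first proposal in this thread (never remove the last superuser) can be approximated on the operator side without changing the server. The following is an added example, not part of the thread and not PostgreSQL's own code; the function name `demote_superuser_checked` and the role name `app_admin` are hypothetical, and it assumes PostgreSQL 9.1 or later, where the attribute the thread calls "createuser" is spelled SUPERUSER / NOSUPERUSER.

```sql
-- Added example: hypothetical operator-side helper, not PostgreSQL's own code.
-- It is advisory only: a superuser who runs ALTER ROLE directly bypasses it,
-- and it does not serialize two demotions running at the same time.
CREATE OR REPLACE FUNCTION demote_superuser_checked(target name)
RETURNS void
LANGUAGE plpgsql
AS $$
DECLARE
    remaining integer;
BEGIN
    -- Fail loudly on typos or on roles that are not superusers.
    IF NOT EXISTS (SELECT 1
                   FROM pg_catalog.pg_roles
                   WHERE rolname = target AND rolsuper) THEN
        RAISE EXCEPTION 'role "%" does not exist or is not a superuser', target;
    END IF;

    -- Count the OTHER superusers that are still able to log in.
    -- A superuser role without LOGIN cannot be used to recover access.
    SELECT count(*) INTO remaining
    FROM pg_catalog.pg_roles
    WHERE rolsuper
      AND rolcanlogin
      AND rolname <> target;

    IF remaining = 0 THEN
        RAISE EXCEPTION
            'refusing to demote "%": no other login-capable superuser would remain',
            target;
    END IF;

    -- %I quotes the role name as an identifier.
    EXECUTE format('ALTER ROLE %I NOSUPERUSER', target);
END;
$$;

-- Preflight listing to review before any demotion.
SELECT rolname, rolcanlogin, rolvaliduntil
FROM pg_catalog.pg_roles
WHERE rolsuper
ORDER BY rolname;

-- Usage with a constructed role name:
-- SELECT demote_superuser_checked('app_admin');
```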