On 19 January 2013 13:45, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: > I think, it is a time to investigate separation of database superuser > privileges > into several fine-grained capabilities, like as operating system doing. > https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h > > In case of Linux, the latest kernel has 36 kinds of capabilities that reflects > a part of root privileges, such as privilege to open listen port less than > 1024, > privilege to override DAC permission and so on. Traditional root performs > as a user who has all the capability in default.
Sounds like the best way to go. The reasoning that led to that change works for us as well. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers