"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Being able to edit postgresql.conf gives one the ability to become postgres (hint: you can cause the backend to load a shlib of your choosing, or even more trivially, adjust pg_hba.conf to let you in as superuser), so the above distinction is unenforceable.
Again, the responsibility of the administrator for the system.
How so? The point is that there is *no such thing* as giving someone config edit permissions without thereby implicitly trusting them with the keys to the city.
Well that isn't entirely true. Yes, you are obviously correct in that if I give a user the ability to edit the pg_hba.conf file -- that user has the ability to become a superuser for PostgreSQL and completely screw my database.
That is what lawyers are for.
However, it is also true that by having the ability to give say a tier2 the ability to edit the postgresql.conf withough the ability to log in as postgres or root, then that user can not stop/start the database, or have root access. They can however, allow another IP, user, network access.
I can also put other items in place that detect a change in those files fairly easily. Which means if there isn't a work order stating change this file, then a tier3 is notified.
If you trust them that much, you may as well let
them su to postgres. There is no point in using group membership as a substitute.
I disagree. I trust my tier1 to make a change to the conf file and let me know the changes are done and ready for review. I do not trust my tier1 to arbitrarily turn on logging, blow the config, restart postgresql and have it not start up because of the error....
Allowing that tier1 to su to postgres gives them that capability.
Sincerely,
Joshua D. Drake
regards, tom lane
-- Command Prompt, Inc., home of PostgreSQL Replication, and plPHP. Postgresql support, programming shared hosting and dedicated hosting. +1-503-667-4564 - [EMAIL PROTECTED] - http://www.commandprompt.com Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL
begin:vcard fn:Joshua D. Drake n:Drake;Joshua D. org:Command Prompt, Inc. adr:;;PO Box 215;Cascade Locks;Oregon;97014;USA email;internet:[EMAIL PROTECTED] title:Consultant tel;work:503-667-4564 tel;fax:503-210-0334 note:Command Prompt, Inc. is the largest and oldest US based commercial PostgreSQL support provider. We provide the only commercially viable integrated PostgreSQL replication solution, but also custom programming, and support. We authored the book Practical PostgreSQL, the procedural language plPHP, and adding trigger capability to plPerl. x-mozilla-html:FALSE url:http://www.commandprompt.com/ version:2.1 end:vcard
---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
