How? Is there some kernel patch to completely enable you to deny
access to root?
Tino Wildenhain pointed out SELinux has a feature like that.

I still don't get your problem (apart from that you can always
google for SELinux)

Why aren't the other "admins" not trustworthy? And why do you
have many of them? If they only check logs and create users,
why do they have to be admins? They could use carefully
configured sudo as well to fulfill their tasks w/o full
access to the system.

I'd say, grep your problem at the root (literally spoken)

Yes. Exactly. I guess I misunderstood the situation. Admin is a vague word. It could mean db admins, it could mean a system administrator for that computer, etc. I apologize if that was specified earlier in the discussion. I just assumed that if you didn't want them to be able to edit the conf file that they wouldn't have root because well... that just seems obvious. I realize though that you don't need real security but rather a small barrier to give the management the warm fuzzies.

I'm sure that you have your reasons, but if you could make them non-root users and give them privileges to do what they need to do with sudo or something but not give them perms on the hba file, then that would seem to be a better solution all around than compiling your own custom postgres.

Just a suggestion.
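
One way to check the "no perms on the hba file" condition once the operators are non-root, as an added example that is not part of the original thread. It assumes GNU `stat`; the function names are hypothetical, and the owner to expect (for example `postgres`) is passed in by the caller.

```shell
#!/bin/sh
# Added example: audit that an hba file cannot be edited or replaced
# by anyone other than its owner. Function names are hypothetical.

# Return 0 if the octal mode in $1 grants write to group or other.
mode_group_other_writable() {
    perms=$(( 0$1 & 022 ))
    [ "$perms" -ne 0 ]
}

# hba_audit FILE OWNER
# Prints one line per finding; returns 0 if clean, 1 otherwise.
hba_audit() {
    file=$1
    owner=$2
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    dir=$(dirname -- "$file")

    # The file must belong to the expected service account.
    if [ "$(stat -L -c '%U' -- "$file")" != "$owner" ]; then
        echo "owner of $file is not $owner"
        rc=1
    fi

    # No write bit for group or other on the file itself.
    if mode_group_other_writable "$(stat -L -c '%a' -- "$file")"; then
        echo "$file is group/other writable"
        rc=1
    fi

    # A writable parent directory lets a user swap the file out
    # with a rename, even when the file's own mode is tight.
    if mode_group_other_writable "$(stat -L -c '%a' -- "$dir")"; then
        echo "$dir is group/other writable"
        rc=1
    fi

    return $rc
}
```

This only covers file-system permissions; anyone who still has root, or a database superuser role that can write files as the server account, is outside what it can verify.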

