On Mon, Aug 27, 2007 at 08:08:34AM -0700, Joshua D. Drake wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > I just saw this in the weekly news: > > Restrict pg_relation_size to relation owner, pg_database_size to DB > owner, and pg_tablespace_size to superusers. Perhaps we could > weaken the first case to just require SELECT privilege, but that > doesn't work for the other cases, so use ownership as the common > concept. > > This is a problem. Our analytics software purposefully does not use a > super user, you are going to force the use of superusers with admin and > monitoring tools. Well, you could always create a wrapper function that is SECURITY DEFINER...
Honestly, I have to wonder if it'd be best to just restrict all those functions to superuser-only. They tend to be rather slow to run since they have to stat each file, so I'm worried about what kind of load that would present on a loaded system. -- Decibel!, aka Jim Nasby [EMAIL PROTECTED] EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
Description: PGP signature