> 2. Are you sure "Powerusers" is such a good idea? It's the default for
> all non-admin users. When Postgres becomes a service, it's going to be
> relatively easy to configure it to run as a low-priv user. Until then,
> however, isn't it too difficult for admins to set up the system for it
> to run as a different user?
Found this document on the net. It gives you a good overview of what
different levels of users can and cannot do. I think the heading "What can a
power user do that a user can't" contains a couple of very good reasons to
prevent that PostgreSQL runs with Powerusers rights.



Unfortunately, these permissions are also the same permissions that allow
power users to:
   Introduce Trojan horses that, if executed by administrators or
    other users, can compromise system and data security
   Make system-wide operating system and application changes
    that affect other users of the system

Kind regards,

Thomas Hallgren

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?


Reply via email to