> 2. Are you sure "Powerusers" is such a good idea? It's the default for
> all non-admin users. When Postgres becomes a service, it's going to be
> relatively easy to configure it to run as a low-priv user. Until then,
> however, isn't it too difficult for admins to set up the system for it
> to run as a different user?
>
Found this document on the net. It gives you a good overview of what
different levels of users can and cannot do. I think the heading "What can a
power user do that a user can't" contains a couple of very good reasons to
prevent that PostgreSQL runs with Powerusers rights.

http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596

Exerpt:

Unfortunately, these permissions are also the same permissions that allow
power users to:
   Introduce Trojan horses that, if executed by administrators or
    other users, can compromise system and data security
   Make system-wide operating system and application changes
    that affect other users of the system

Kind regards,

Thomas Hallgren



---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faqs/FAQ.html

Reply via email to