Greg Stark wrote:
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
However, it is also true that by having the ability to give say a tier2 the
ability to edit the postgresql.conf withough the ability to log in as postgres
or root, then that user can not stop/start the database, or have root access.
T
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
> However, it is also true that by having the ability to give say a tier2 the
> ability to edit the postgresql.conf withough the ability to log in as postgres
> or root, then that user can not stop/start the database, or have root access.
> They can h
Tom Lane wrote:
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Being able to edit postgresql.conf gives one the ability to become
postgres (hint: you can cause the backend to load a shlib of your
choosing, or even more trivially, adjust pg_hba.conf to let you in
as superuser), so the
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> Being able to edit postgresql.conf gives one the ability to become
>> postgres (hint: you can cause the backend to load a shlib of your
>> choosing, or even more trivially, adjust pg_hba.conf to let you in
>> as superuser), so the a
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> Being able to edit postgresql.conf gives one the ability to become
>> postgres (hint: you can cause the backend to load a shlib of your
>> choosing, or even more trivially, adjust pg_hba.conf to let you in
>> as superuser), so the abov
And can't we now even point to a completely different location for the
actual data, as well as the rest of the config? I'd hate to think of
someone changing that out from under me.
We can do that in 8.0 can't we? Well then I guess it will be moot in
about 6 months :)
cheers
andrew
--
Comman
Tom Lane wrote:
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
For 8.0 are we going to allow group modifications to the data
directories for PostgreSQL? It is kind of silly that it must be 700.
Not in the least. There are many systems where users by default
are all in a "users" group, and so 770
Tom Lane wrote:
Being able to edit postgresql.conf gives one the ability to become
postgres (hint: you can cause the backend to load a shlib of your
choosing, or even more trivially, adjust pg_hba.conf to let you in
as superuser), so the above distinction is unenforceable.
And can't we now even
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
> For 8.0 are we going to allow group modifications to the data
> directories for PostgreSQL? It is kind of silly that it must be 700.
Not in the least. There are many systems where users by default
are all in a "users" group, and so 770 isn't much s
Hello,
For 8.0 are we going to allow group modifications to the data
directories for PostgreSQL? It is kind of silly that it must be 700.
I think we should allow at least 770. This allows you to have
administrators with postgresql.conf editing rights without giving
them the ability to su to postg
10 matches
Mail list logo
