Re: Open 7.3 items - Mailing list pgsql-hackers
From | Marc G. Fournier |
---|---|
Subject | Re: Open 7.3 items |
Date | |
Msg-id | 20020807010904.T83339-100000@mail1.hub.org Whole thread Raw |
In response to | Re: Open 7.3 items (Bruce Momjian <pgman@candle.pha.pa.us>) |
List | pgsql-hackers |
On Tue, 6 Aug 2002, Bruce Momjian wrote: > > How can you request a vote of such a limited audience? *Adding* > > functionality is easy ... removing functionality with at least a release > > for-warning is easy ... removing a feature without any forewarning is akin > > to cutting our own throats ... > > > Yea, but it was such an ugly feature and I honestly thought no one was > using it. In fact, you aren't even using it in the indended way of > sharing /etc/passwd. You are using it to implement a different > capability that I never even imagined. :-) Can you point me to where this documentation is on its intended use? *raised eyebrow* Just bcause you couldn't imagine it being used the way I am, doesn't mean that wasn't what it was intended for :) > Well, as it currently stands in the patch, a db owner can create any > user they want, including users for just their dbs. However, remember > that Once someone can create a user, they can create a superuser, so > security for those folks is impossible. The patch does not prevent them > from creating user for other databases, if that is what you wanted, but > did your previous solution allow this? But, the patch should ... how hard is it to add code in that says "if connected to db1 *and* have creat user privs, then allow create of db1.<username>"? Personally, from using cyrus-imapd for much much too long, I think what we're looking at is 'realms' ... if 'enable_realms' is enabled in postmaster.conf, then a user creatd wile connetd to db1 shuld have db1 appended automagically ... then again, i do think its "a Bad Thing" to have this enable/disableable, since it will cause some serious confusion ... its kinda like everyone's argument against Thomas' recent patch about XLOG ... what if you forget? it should be an initdb option (--enable-realms) so that its a one-time-only decision when you create the database instance, not something that you can flip on/off ... default would be disabled, to reflect current behaviour (minus the password file) ... or, another option would be 'CREATE DATABASE <DB> WITH REALMS', so that you could have some with, some without ... so, if a DATABASE was creatd with REALMS, a flag would be set in pg_database stating that only those users with db. prefix have access to that database ... then again, another neat thing would be he ability to 'group' databases ... CREATE DATABASE <DB> IN GROUP <dbgroup>, so that users would be named dbgroup.* and would b able to login to any database within that group ... but those are just ideas thrown out ... IMHO, critical for v7.3, if we don't revert the patch, is to have *either* '--enable-realms' to set an instance in that mode, *or* have it on a per database basis ... I think having it as an on/off setting in postmaster.conf is just askng for trouble ...
pgsql-hackers by date: