Re: Open 7.3 items - Mailing list pgsql-hackers

On Tue, 6 Aug 2002, Bruce Momjian wrote:

> > How can you request a vote of such a limited audience?  *Adding*
> > functionality is easy ... removing functionality with at least a release
> > for-warning is easy ... removing a feature without any forewarning is akin
> > to cutting our own throats ...
>
>
> Yea, but it was such an ugly feature and I honestly thought no one was
> using it.  In fact, you aren't even using it in the indended way of
> sharing /etc/passwd.  You are using it to implement a different
> capability that I never even imagined.  :-)

Can you point me to where this documentation is on its intended use?
*raised eyebrow*  Just bcause you couldn't imagine it being used the way I
am, doesn't mean that wasn't what it was intended for :)

> Well, as it currently stands in the patch, a db owner can create any
> user they want, including users for just their dbs.  However, remember
> that Once someone can create a user, they can create a superuser, so
> security for those folks is impossible.  The patch does not prevent them
> from creating user for other databases, if that is what you wanted, but
> did your previous solution allow this?

But, the patch should ... how hard is it to add code in that says "if
connected to db1 *and* have creat user privs, then allow create of
db1.<username>"?

Personally, from using cyrus-imapd for much much too long, I think what
we're looking at is 'realms' ... if 'enable_realms' is enabled in
postmaster.conf, then a user creatd wile connetd to db1 shuld have db1
appended automagically ...

then again, i do think its "a Bad Thing" to have this enable/disableable,
since it will cause some serious confusion ... its kinda like everyone's
argument against Thomas' recent patch about XLOG ... what if you forget?

it should be an initdb option (--enable-realms) so that its a
one-time-only decision when you create the database instance, not
something that you can flip on/off ... default would be disabled, to
reflect current behaviour (minus the password file) ...

or, another option would be 'CREATE DATABASE <DB> WITH REALMS', so that
you could have some with, some without ... so, if a DATABASE was creatd
with REALMS, a flag would be set in pg_database stating that only those
users with db. prefix have access to that database ...

then again, another neat thing would be he ability to 'group' databases
... CREATE DATABASE <DB> IN GROUP <dbgroup>, so that users would be named
dbgroup.* and would b able to login to any database within that group ...

but those are just ideas thrown out ... IMHO, critical for v7.3, if we
don't revert the patch, is to have *either* '--enable-realms' to set an
instance in that mode, *or* have it on a per database basis ... I think
having it as an on/off setting in postmaster.conf is just askng for
trouble ...