Home > mailing lists

Re: dropdb ; createdb equivalent without createdb permission? - Mailing list pgsql-general

From	Andrew Sullivan
Subject	Re: dropdb ; createdb equivalent without createdb permission?
Date	July 9, 2007 18:29:49
Msg-id	20070709182938.GB28069@phlogiston.dyndns.org Whole thread Raw
In response to	dropdb ; createdb equivalent without createdb permission? ("Tim Olsen" <tolsen718@gmail.com>)
Responses	Re: dropdb ; createdb equivalent without createdb permission? ("Tim Olsen" <tolsen718@gmail.com>) Re: dropdb ; createdb equivalent without createdb permission? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

On Mon, Jul 09, 2007 at 02:13:55PM -0400, Tim Olsen wrote:
> like the user to be granted createdb permission for only a particular
> database.  I don't believe this is possible in postgresql.  Is there a
> dropdb-followed-by-createdb equivalent the user could use?

The reason it isn't possible is because there's no such thing as "a
particular database" at createdb time.  It's just an empty database
with an arbitrary string (the name) identifying it.

You could, however, limit all of this by giving sudo access to the
person in question, where the sudo access is for a (set of) script(s)
that achieve what you want (e.g. scripts with the appropriate
createdb, psql -c "something" &c. inside them).  Obviously, if the
user can edit the scripts, then your intention is still foiled.

A

--
Andrew Sullivan  | ajs@crankycanuck.ca
The fact that technology doesn't work is no bar to success in the marketplace.
        --Philip Greenspun

pgsql-general by date:

From: "Tim Olsen"
Date: 09 July 2007, 18:14:02
Subject: dropdb ; createdb equivalent without createdb permission?

From: Steve Crawford
Date: 09 July 2007, 18:39:23
Subject: Re: dropdb ; createdb equivalent without createdb permission?

Re: dropdb ; createdb equivalent without createdb permission? - Mailing list pgsql-general

Previous

Next