On Sunday 21 March 2010 02.01:27 Scott Mead wrote:
> On Sat, Mar 20, 2010 at 5:24 PM, Adam Seering <aseering@mit.edu> wrote:
> > Hi,
> >
> > I'm trying to set up an internal general-purpose PostgreSQL
> > server
> >
> > installation. I want most users with login access to the server to be
> > able to create databases, but only with names that follow a specified
> > naming convention (in particular, approximately "is prefixed with the
> > owner's username"). A subset of administrative users can create users
> > with any name. The goal is to let users create arbitrary databases,
> > but to force them to get approval for names that someone else (or some
> > other service) might conceivably want.
> >
> > Is there any way to enforce this within PostgreSQL? Maybe
> > something
> >
> > like a trigger on CREATE DATABASE, if that's possible?
>
> Hmmm... nothing like that I'm afraid...
>
> But, you could possibly make a shell script to the 'createdb'
> executable that would force a name-style, but even then, for any user to
> be able to successfully run the command, they need database logon /
> create database privs, so if someone : cat `which createdb` and you had
> made a script, they'd see what you were up to. It may be a way to get
> started though.
Extending this: have your users not have createdb permission and write this
script as a suid program.
cheers
-- vbi
>
> --Scott M
--
this email is protected by a digital signature: http://fortytwo.ch/gpg
