Re: Disable executing external commands from psql? - Mailing list pgsql-general

From Bruce Momjian
Subject Re: Disable executing external commands from psql?
Date
Msg-id 201006020026.o520QLU19703@momjian.us
Whole thread Raw
In response to Re: Disable executing external commands from psql?  (Ken Tanzer <ken.tanzer@gmail.com>)
List pgsql-general
Ken Tanzer wrote:
> >
> > The better way to go about that is to not let them have an account on
> > the server machine in the first place.  Just expose the postmaster port
> > (perhaps via ssh tunneling) and let them run psql on their own machines.
> Somehow, exposing my database ports to the internet scares me more than
> any (possibly crazy) stuff I'm trying to do.  :)
>
> But seriously I think I need to give them accounts--I'm setting up
> online instances of a web app, so they have a set of (editable) PHP
> files, possibly some storage, a log file, etc.  It seemed that setting
> each up as its own user was better than going through some uber-process
> that had access to all the files.
>
> Just to be clear, cause I'm a little thick sometimes, it is not possible
> to do this?

Maybe put them into a chroot() environment, or hack psql to remove \!.
No one has asked for this before.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + None of us is going to be here forever. +

pgsql-general by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Disable executing external commands from psql?
Next
From: Ernesto Quiñones
Date:
Subject: Re: PosttgreSQL on AIX