Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: pgaudit - an auditing extension for PostgreSQL
Date
Msg-id 20150217185059.GX6717@tamriel.snowman.net
In response to Re: pgaudit - an auditing extension for PostgreSQL  (Jim Nasby <Jim.Nasby@BlueTreble.com>)
Responses Re: pgaudit - an auditing extension for PostgreSQL
List pgsql-hackers

Jim,

* Jim Nasby (Jim.Nasby@BlueTreble.com) wrote:
> We may need to bite the bullet and allow changing the user that the
> postgres process runs under so it doesn't match who owns the files.
> Maybe there's a way to allow that other than having the process
> start as root.

That's an interesting thought but it doesn't seem too likely to work out
for us.  The process still has to be able to read and write the files,
create new files in the PGDATA directories, etc.

> Or maybe there's some other way we could restrict what a DB
> superuser can do in the shell.

This could be done with SELinux and similar tools, but at the end of the
day the answer, in my view really, is to have fewer superusers and for
those superusers to be understood to have OS-level shell access.  We
don't want to deal with all of the security implications of trying to
provide a "trusted" superuser when that user can create functions in
untrusted languages, modify the catalog directly, etc, it really just
doesn't make sense.

Thanks,
    Stephen
