Peter Eisentraut <peter_e@gmx.net> writes:
>> However, this page indicates that there are security risks in doing this.
>> What are those risks? If I prevent users other than the superuser
>> "postgres" from being able to create and drop databases, are there any
>> security risks?
> No. The risks are related to the fact that non-superusers can also be
> allowed to create databases.
If the user's DB area is in his home directory, then he can presumably
rename it, leading to nasty problems when operations like CHECKPOINT try
to write to files in it. At the very least you'd have potential for
denial of service to all the other users.
>> Lastly, I've even tried creating a database normally, then moving it to the
>> user's area and creating a symlink to it. But this didn't seem to work.
> It should, since that is what the "official" mechanisms do as well.
Yes, I'd have thought that would work. Define "didn't seem to work",
please.
regards, tom lane
