Re: pg_user - Mailing list pgsql-hackers

From Jan Wieck
Subject Re: pg_user
Date
Msg-id 3FA18713.3000400@Yahoo.com
In response to Re: pg_user  (ivan <iv@psycho.pl>)
List pgsql-hackers
ivan wrote:

> you can also patch your kernel and when you write cat /etc/passwd the system
> gives you only your line, without any other users, so exactly what you
> need,
> in pgsql I think that users don't need to know about others, and also
> their
> databases, I call it security :)

No, it's not security, it is obscurity. The point is that this 
modification is not backward compatible and the only scenario I can 
imagine where it would be good to have this is for a hosting provider 
who wants to cram up multiple hosted databases under one postmaster.

I am not per se against such a change. It never struck me as a good idea 
in general that we only have the one, shared pg_shadow catalog and all 
databases share all users. So I think what I try to say is ... back to 
the drawing board, because your initial solution is not acceptable.


Jan


> 
> On Mon, 27 Oct 2003, Jan Wieck wrote:
> 
>> ivan wrote:
>>
>> > hi
>> >
>> > can we change initdb when view pg_user is being created to:
>> >
>> > CREATE VIEW pg_user AS \
>> >     SELECT \
>> >         usename, \
>> >         usesysid, \
>> >         usecreatedb, \
>> >         usesuper, \
>> >         usecatupd, \
>> >         '********'::text as passwd, \
>> >         valuntil, \
>> >         useconfig \
>> >     FROM pg_shadow WHERE usename = SESSION_USER;
>>
>> No, at least not without a complete proposal how to retain the current
>> behaviour of pg_tables, pg_views, psql's \d and other places that rely
>> on pg_user being able to display all users.
>>
>> It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
>> hide the usernames but break many utilities. If you don't want someone
>> to know all the logins, don't give him one.
>>
>>
>> Jan
>>
>> --
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me.                                  #
>> #================================================== JanWieck@Yahoo.com #
>>


-- 
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #
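
Added example, not part of the original message and not PostgreSQL's own initdb code: a constructed model of the breakage described above, in which a view that resolves owner ids through the user view loses other users' names once that view is filtered by SESSION_USER. The `demo` schema, its tables and views, and the user name `demo_other_user` are hypothetical stand-ins for pg_shadow, the table catalog and pg_user.

```sql
-- Constructed model: the demo.* objects are hypothetical stand-ins, not
-- PostgreSQL's real catalogs. Run in a scratch database.
CREATE SCHEMA demo;
GRANT USAGE ON SCHEMA demo TO PUBLIC;

CREATE TABLE demo.shadow (            -- stands in for pg_shadow
    usename  name    PRIMARY KEY,
    usesysid integer NOT NULL UNIQUE,
    passwd   text
);
CREATE TABLE demo.relations (         -- stands in for the table catalog
    relname  name    PRIMARY KEY,
    relowner integer NOT NULL REFERENCES demo.shadow (usesysid)
);
-- The actual control: only the owner may read the password column directly.
REVOKE ALL ON demo.shadow FROM PUBLIC;

INSERT INTO demo.shadow VALUES
    (SESSION_USER,      1, 'constructed-hash-1'),
    ('demo_other_user', 2, 'constructed-hash-2');
INSERT INTO demo.relations VALUES
    ('my_table', 1), ('other_table', 2);

-- Variant A: all user rows visible, password masked (current pg_user shape).
CREATE VIEW demo.user_all AS
    SELECT usename, usesysid, '********'::text AS passwd
    FROM demo.shadow;
-- Variant B: the proposal from the thread, only the caller's own row.
CREATE VIEW demo.user_self AS
    SELECT usename, usesysid, '********'::text AS passwd
    FROM demo.shadow WHERE usename = SESSION_USER;

-- A dependent view that maps owner ids to names, built once on each variant.
CREATE VIEW demo.tables_via_all AS
    SELECT r.relname AS tablename, u.usename AS tableowner
    FROM demo.relations r
    LEFT JOIN demo.user_all u ON u.usesysid = r.relowner;
CREATE VIEW demo.tables_via_self AS
    SELECT r.relname AS tablename, u.usename AS tableowner
    FROM demo.relations r
    LEFT JOIN demo.user_self u ON u.usesysid = r.relowner;
GRANT SELECT ON demo.user_all, demo.user_self,
                demo.tables_via_all, demo.tables_via_self TO PUBLIC;

-- Compare owner resolution under the two variants.
SELECT * FROM demo.tables_via_all  ORDER BY tablename;
SELECT * FROM demo.tables_via_self ORDER BY tablename;
```

The second query returns a NULL tableowner for the table owned by the other user, which is the compatibility break. The password column is masked in both variants and the base table is unreadable to ordinary users, so the row filter adds nothing to the protection of the secret itself.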


