Re: Revoke "drop database" even for superusers? - Mailing list pgsql-general

From Edson Richter
Subject Re: Revoke "drop database" even for superusers?
Date
Msg-id BLU0-SMTP18850AA8B4213361E5B0EB2CF680@phx.gbl
Whole thread Raw
In response to Re: Revoke "drop database" even for superusers?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
Em 09/11/2012 20:18, Tom Lane escreveu:
> Andres Freund <andres@anarazel.de> writes:
>> On 2012-11-09 12:42:37 +0100, Albe Laurenz wrote:
>>> You cannot play it over permissions, but what about the following trick:
>>>
>>> postgres=# CREATE DATABASE persist;
>>> CREATE DATABASE
>>> postgres=# UPDATE pg_database SET datistemplate=TRUE WHERE
>>> datname='persist';
>>> UPDATE 1
>>> postgres=# DROP DATABASE persist;
>>> ERROR:  cannot drop a template database
>> Not a good idea, autovacuum will use a freeze_min_age of 0 in that
>> case which will make it heaps more expensive. Also it allows everyone to
>> copy that database not only its owner/superuser.
>> I think there might be even more unexpected consequences of playing that
>> trick.
> It seems pretty pointless in any case, since a superuser could just undo
> the UPDATE and then drop the database.
>
> If what you're trying to avoid is accidental, rather than malicious,
> drops, here's something that would be a lot more useful: avoid using
> superuser accounts as much as you possibly can.  There are not that
> many things that you really need to use superuser privileges for.
>
>             regards, tom lane
>
>
Thanks you.

I'll look documentation to create a user that has enough permission to
do everything needed, except dropping databases.

Regards,

Edson


pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Revoke "drop database" even for superusers?
Next
From: Lists
Date:
Subject: Re: Unexpectedly high disk space usage RESOLVED (Manual reindex/vacuum)