> 2. Are you sure "Powerusers" is such a good idea? It's the default for
> all non-admin users. When Postgres becomes a service, it's going to be
> relatively easy to configure it to run as a low-priv user. Until then,
> however, isn't it too difficult for admins to set up the system for it
> to run as a different user?
>
Found this document on the net. It gives you a good overview of what
different levels of users can and cannot do. I think the heading "What can a
power user do that a user can't" contains a couple of very good reasons to
prevent that PostgreSQL runs with Powerusers rights.
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596
Exerpt:
Unfortunately, these permissions are also the same permissions that allow
power users to:
� Introduce Trojan horses that, if executed by administrators or
other users, can compromise system and data security
� Make system-wide operating system and application changes
that affect other users of the system
Kind regards,
Thomas Hallgren
