On Mon, May 24, 2004 at 11:23:09AM -0700, Joe Conway wrote:
> Tom Lane wrote:
> >Christopher Kings-Lynne <[EMAIL PROTECTED]> writes:
> >>Hmmm - I agree it's difficult, but somehow I think it's something we
> >>should do. Just imagine if some major user of postgres did it - they'd
> >>be screaming blue murder...
> >
> >Shrug. Superusers can *always* shoot themselves in the foot in Postgres.
> >Try "delete from pg_proc", for instance. This sounds right up there
> >with the notion of preventing a Unix superuser from doing "rm -rf /".
>
> FWIW, I've seen a unix superuser do a recursive chmod 777 on /, and I've
> seen a Windows server admin recursively deny EVERYTHING from EVERYBODY
> starting at c:\. In both cases, we found that's why we keep regular
> backups ;-)

I've personally done rm -fr /, but this doesn't mean we couldn't do better than imitate the Unix permission scheme. In fact, the latest efforts are trying to get rid of an all-powerful superuser by using more granular "capabilities".

Maybe we don't need to exclusive-lock the entire ALTER USER operation; perhaps a lock escalation method could be used. OTOH I agree this particular problem may not need a solution.

--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Greatness is a transitory experience. It is never consistent. It depends in large part on the myth-making imagination of humankind" (Irulan)