hi andré,

On Mon, Jul 27, 2009 at 02:41:53PM -0300, Andre Caldas wrote:
> > this is by design. in most cases an application user should not need
> > administrative privileges.
>
> I do agree with that.
> Isn't the script at
> /usr/share/dbconfig-common/data/package/install/pgsql
> an "administrative" one? Shouldn't it be running with the
> "administrative user" instead of the application user?

no, that's run as the standard user. see:

http://people.debian.org/~seanius/policy/examples/dbconfig-common/doc/dbconfig-common-using.html#bootstrap

> I do agree the application does not need privileges. It doesn't even
> need privileges to DROP the tables created for it. The application
> needs privileges to read and write to the tables. Nonetheless, the
> application user is being used to CREATE tables. So, if this is not a
> bug (creating tables with the application user), it is reasonable to
> expect you can CREATE SCHEMAS as well. Right?

creating schemas requires special privileges that normal users don't
get, while creating tables is considered a standard privilege for users
with write permissions on a database. i suppose there's an argument that
users shouldn't be able to create tables either, but the security
implications of that aren't too different from the user being able to run
"delete from table foo" whereas schema creation/deletion has wider
implications.

sean