Hi Thomas, Thank you for your suggestion. The modified manage.py sounds like a very good place for me to start.
Best regards, Sean On Mon, 2009-09-07 at 16:09 +0200, Thomas Guettler wrote: > I can speak only for postgres. > > We create the database with a special admin-account and > the owner if the db is the admin-account. Then we grant > insert, update, delete permissions to the django-db-user. > > We have a modified manage.py which let syncdb run with > the admin-account (interactive password prompt). > > It is possible, it is more secure, but makes some trouble. > > sean schrieb: > > Hi All, > > > > I am currently working on a front end to pam-mysql and nss-mysql to > > allow the creation of linux user accounts through the web. > > > > I need to separate out permissions so that Django can read some columns > > and not others, for instance it should have no access to the password > > column. > > > > I need another mysql user with it's mysql password stored in a file > > owned by root with permissions 700 to do the actual data modification - > > so this part will need to be separate from the Django app, but called > > from it via a passwordless sudo entry or something. > > > > As Django can only connect to mysql with one user, what is the best way > > to restrict it's permissions to the ones I want it to be able to read? > > Can this be done at a configuration file level so that upon running > > syncb, the permissions are in place? > > > > Any pointers greatly appreciated. > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
