Hi Josh,

On Jan 13, 2006, at 2:34 PM, Josh Berkus wrote:

> I can't see a way to do this except individually, in which case the
> superuser might as well load the functions. We *have* to be restrictive
> about this because a C function can do anything, including overwriting
> whatever parts of the filesystem "postgres" has access to. Look over our
> patch releases for the last 2 years and you'll see a host of patches
> designed specifically to prevent regular users from gaining access to
> superuser privileges.
>
> What you want isn't impossible, but it would be a lot of work and testing
> to engineer such a mechanism and keep PostgreSQL's "most secure" status.
> So far, everyone has found it easier to work around the issue, especially
> since for most sites backup/restore is done by the superuser anyway.

I suspected it was out of the question for security reasons, but I wanted to bring it up to make sure I was not missing some alternative solution.

I back up and restore all the time for hosted web sites running with PostgreSQL as a content management system. This is critical for doing site upgrades and you certainly can't depend on the superuser in a hosted environment.

Maybe the best solution here would be some web interface set up by the hoster to perform specific approved tasks like tsearch install. This is already the mechanism used to allow users to create their own databases.

Thanks for taking the time to respond.



John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL

