On Fri, Jul 24, 2009 at 3:26 PM, James Busser
<address@hidden> wrote:
Just clarifying a few things about the postgres users...
Is there any correspondence between a system account "postgres" and a user (within postgreSQL) called "postgres"?
Can postgres tolerate (function with)
- a postgres user "postgres" in the absence of a system user (account) postgres?
- absence of a postgres user "postgres"?
Not really, essentially the "postgres" user has to be the owner of the database, in otherwords you could have a user named jbusser owning the db then you would have to have a postgres user named jbusser as the system account
Within postgreSQL, are the privileges of the user "postgres" special and equivalent to the unlimited system privileges of the "root" user (at least per postgreSQL defaults)?
Yes, but they can be granted to anyone.
There was mention (in the postings about pgAdmin III) that the postgreSQL account "postgres" would be unable to access the gnumed databases, on account of some settings in one of the postgres configuration files.
1) is the above correct and
2) given that this could be reversed by altering the config settings, the reasons for the constraints against letting "postgres" meddle with the gnumed databases include:
- isolating the managers of the "postgres" account from accidental or inappropriate meddling with the gnumed schemas and
You can give another user the ability to create databases, and then you can create a user which can own the database but not create databases (implies being able to drop them as well.)
- such isolation depends on said managers either lacking (sudo) access to the postgres config files or, if given said access, would agree by social policy not to bypass the constraints?
I generally set up pg so that the owner of the db does not have drop privileges .
Dave
_______________________________________________
Gnumed-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/gnumed-devel