mirror of
https://github.com/postgres/postgres.git
synced 2025-04-25 21:42:33 +03:00
Clarify ownership and security issues with alternate db locations.
This commit is contained in:
Thomas G. Lockhart
parent
3d96825bb1
commit
f2764eea42
@ -130,7 +130,7 @@ There was a problem with creating the required directory; this operation will
|
|||||||
Description
|
Description
|
||||||
</TITLE>
|
</TITLE>
|
||||||
<PARA>
|
<PARA>
|
||||||
CREATE DATABASE creates a new PostgreSQL database.
|
<command>CREATE DATABASE</command> creates a new Postgres database.
|
||||||
The creator becomes the administrator of the new database.
|
The creator becomes the administrator of the new database.
|
||||||
</PARA>
|
</PARA>
|
||||||
|
|
||||||
@ -142,10 +142,10 @@ There was a problem with creating the required directory; this operation will
|
|||||||
Notes
|
Notes
|
||||||
</TITLE>
|
</TITLE>
|
||||||
<PARA>
|
<PARA>
|
||||||
CREATE DATABASE statement is a PostgreSQL language extension.
|
<command>CREATE DATABASE</command> statement is a Postgres language extension.
|
||||||
</PARA>
|
</PARA>
|
||||||
<para>
|
<para>
|
||||||
Refer to DROP DATABASE statement to remove a database.
|
Refer to <command>DROP DATABASE</command> statement to remove a database.
|
||||||
</para>
|
</para>
|
||||||
</REFSECT2>
|
</REFSECT2>
|
||||||
|
|
||||||
@ -157,19 +157,17 @@ There was a problem with creating the required directory; this operation will
|
|||||||
To create a new database:
|
To create a new database:
|
||||||
</PARA>
|
</PARA>
|
||||||
<ProgramListing>
|
<ProgramListing>
|
||||||
CREATE DATABASE lusiadas;
|
<prompt>olly=></prompt></computeroutput> <userinput>create database lusiadas;</userinput>
|
||||||
</ProgramListing>
|
</ProgramListing>
|
||||||
<PARA>
|
<PARA>
|
||||||
To create a new database in <filename>~/private_db</filename>:
|
To create a new database in an alternate area <filename>~/private_db</filename>:
|
||||||
</PARA>
|
</PARA>
|
||||||
<ProgramListing>
|
<ProgramListing>
|
||||||
$ mkdir private_db
|
<prompt>$</prompt> <userinput>mkdir private_db</userinput>
|
||||||
$ initlocation ~/private_db
|
<prompt>$</prompt> <userinput>initlocation ~/private_db</userinput>
|
||||||
<computeroutput>Creating Postgres database system directory /home/olly/private_db/base</computeroutput>
|
<computeroutput>Creating Postgres database system directory /home/olly/private_db/base</computeroutput>
|
||||||
|
|
||||||
$ chmod a+rx private_db
|
<prompt>$</prompt> <userinput>psql olly</userinput>
|
||||||
$ chmod a+rwx private_db/base
|
|
||||||
$ psql
|
|
||||||
<computeroutput>Welcome to the POSTGRESQL interactive sql monitor:
|
<computeroutput>Welcome to the POSTGRESQL interactive sql monitor:
|
||||||
Please read the file COPYRIGHT for copyright terms of POSTGRESQL
|
Please read the file COPYRIGHT for copyright terms of POSTGRESQL
|
||||||
|
|
||||||
@ -178,7 +176,7 @@ There was a problem with creating the required directory; this operation will
|
|||||||
type \g or terminate with semicolon to execute query
|
type \g or terminate with semicolon to execute query
|
||||||
You are currently connected to the database: template1
|
You are currently connected to the database: template1
|
||||||
|
|
||||||
template1=></computeroutput> <userinput>create database elsewhere with location = '/home/olly/private_db';</userinput>
|
<prompt>olly=></prompt></computeroutput> <userinput>create database elsewhere with location = '/home/olly/private_db';</userinput>
|
||||||
<computeroutput>CREATEDB</computeroutput>
|
<computeroutput>CREATEDB</computeroutput>
|
||||||
</ProgramListing>
|
</ProgramListing>
|
||||||
</REFSECT1>
|
</REFSECT1>
|
||||||
@ -188,23 +186,19 @@ There was a problem with creating the required directory; this operation will
|
|||||||
Bugs
|
Bugs
|
||||||
</TITLE>
|
</TITLE>
|
||||||
<PARA>
|
<PARA>
|
||||||
Where an ordinary user cannot change the ownership of files to other users
|
There are security and data integrity issues involved with using alternate database locations
|
||||||
(which is correct from a security point of view), there is no easy way
|
specified with absolute path names. See the Administrator's Guide for more information.
|
||||||
to give the postgres backend access to files in a database at a
|
|
||||||
non-standard location without
|
|
||||||
giving similar access to all users. The situation shown in the usage
|
|
||||||
example makes <filename>/home/olly/private_db</filename> world-accessible.
|
|
||||||
</PARA>
|
</PARA>
|
||||||
<para>
|
<!-- ------------------
|
||||||
If, on the other hand, the user gets the system administrator to give
|
comment from Olly; response from Thomas...
|
||||||
file ownership to the <literal>postgres</literal> superuser and restrict access, he will
|
|
||||||
then be unable to delete the <filename><replaceable>directory</replaceable>/base</filename> directory.
|
|
||||||
</para>
|
|
||||||
<comment>
|
<comment>
|
||||||
initlocation does not create a PG_VERSION file in the specified location.
|
initlocation does not create a PG_VERSION file in the specified location.
|
||||||
How will PostgreSQL handle the situation if it is upgraded to an
|
How will Postgres handle the situation if it is upgraded to an
|
||||||
incompatible database version?
|
incompatible database version?
|
||||||
</comment>
|
</comment>
|
||||||
|
Hmm. This isn't an issue since the upgrade would do a dump/reload from the main database area also.
|
||||||
|
Not sure if the dump/reload would guarantee that the alternate data area gets refreshed though...
|
||||||
|
-------------------- -->
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<REFSECT1 ID="R1-SQL-CREATEDATABASE-4">
|
<REFSECT1 ID="R1-SQL-CREATEDATABASE-4">
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user