Em 09/11/2012 20:18, Tom Lane escreveu:
Andres Freund <andres@xxxxxxxxxxx> writes:
On 2012-11-09 12:42:37 +0100, Albe Laurenz wrote:
You cannot play it over permissions, but what about the following trick:
postgres=# CREATE DATABASE persist;
CREATE DATABASE
postgres=# UPDATE pg_database SET datistemplate=TRUE WHERE
datname='persist';
UPDATE 1
postgres=# DROP DATABASE persist;
ERROR: cannot drop a template database
Not a good idea, autovacuum will use a freeze_min_age of 0 in that
case which will make it heaps more expensive. Also it allows everyone to
copy that database not only its owner/superuser.
I think there might be even more unexpected consequences of playing that
trick.
It seems pretty pointless in any case, since a superuser could just undo
the UPDATE and then drop the database.
If what you're trying to avoid is accidental, rather than malicious,
drops, here's something that would be a lot more useful: avoid using
superuser accounts as much as you possibly can. There are not that
many things that you really need to use superuser privileges for.
regards, tom lane
Thanks you.
I'll look documentation to create a user that has enough permission to
do everything needed, except dropping databases.
Regards,
Edson
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
