"Tsunakawa, Takayuki" <tsunakawa.takay@xxxxxxxxxxxxxx> wrote: > I'd like to hear other cases like: > > - Packaged applications (not OS) that embeds or uses PostgreSQL > - The corporate environment where some security policy is > enforced that the OS user and the database administrator user > must be different Well, where I used to work, we had many instances of PostgreSQL running on a server, and found it to be *very* good policy to use a different OS user to run each cluster. We wanted the inital superuser login to match the OS user, for "trust" login. (The superuser login had no password; you had to log in as yourself and run use sudo to run as a database superuser, or root could schedule crontab jobs to run as a database superuser.) So, essentially, the database superuser was always a name meaningful for the cluster -- never postgres. We never liked to allow any OS login except as an identifiable person, and then we could track who was logged in when and what they ran through sudo. -- Kevin Grittner EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
