On 06/30/2013 09:12 PM, Andrew Sullivan wrote:
>
> If you want "easy", then just give different databases per user. If
> you want complicated, you need an administrator; yes, that needs to be
> in some sense under the control of the host. We have roughly 40 years
> of experience with these things, and the evidence is that
> "comprehensive but easy" is either badly insecure or very hard to
> operate well. Which trade do you want to make?
>

This is a false, er, trichotomy? The requirements I listed aren't very
hard to meet. Here's how you do it for a directory on the filesystem
(why do I get the feeling nobody is going to check out the repo):

  # Admins can do anything.
  setfacl -m group:admins:rwx *-project
  setfacl -d -m group:admins:rwx *-project

  # The customer's developers can access their own projects.
  setfacl -m group:customer-devs:rwx customer-project
  setfacl -d -m group:customer-devs:rwx customer-project

  # The anonymous user can only read things.
  setfacl -m user:anonymous:rx customer-project
  setfacl -d -m user:anonymous:rx customer-project

This will work for eternity, and is perfectly secure. "Easy" is
relative, but it's easy for me, and I only have to do it once, so who
cares. I have find/xargs scripts that do the hard part for me.

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
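
An added example, not part of the original post: a script that reads `getfacl` output and reports any of the three grants above that is missing from the access or default ACL, or whose effective rights are reduced by the mask. The `MASKED`/`MISSING` labels, the function name and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `getfacl` output against the grants in the post.
# Each expected entry must appear as an access entry and as a default entry.
EXPECTED='group:admins:rwx group:customer-devs:rwx user:anonymous:r-x'

# Constructed sample: mask narrowed (e.g. by a later chmod) and the default
# entry for customer-devs never set.
SAMPLE_BAD='# file: customer-project
user::rwx
user:anonymous:r-x
group::r-x
group:admins:rwx        #effective:r-x
group:customer-devs:rwx #effective:r-x
mask::r-x
other::---
default:user::rwx
default:user:anonymous:r-x
default:group::r-x
default:group:admins:rwx
default:mask::rwx
default:other::---'

# Reads getfacl output on stdin; prints one finding per line, nothing if clean.
audit_acl() {
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, want, " ") }
    /^#/ || /^[ \t]*$/ { next }          # skip header comments and blank lines
    {
      entry = $1                         # entry text before any #effective note
      seen[entry] = 1
      if ($0 ~ /#effective:/) {
        eff = $0; sub(/.*#effective:/, "", eff)
        np = split(entry, p, ":")
        # the mask strips bits from the grant: report what is really in force
        if (eff != p[np]) print "MASKED " entry " effective=" eff
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        dflt = "default:" want[i]
        if (!(want[i] in seen)) print "MISSING access " want[i]
        if (!(dflt in seen))    print "MISSING default " want[i]
      }
    }'
}

# Live use: getfacl customer-project | audit_acl
printf '%s\n' "$SAMPLE_BAD" | audit_acl
```
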