Security question : Database access control
Is there any way to prevent superuser to acces the database ?
I mean something like "GRANT / REVOKE CONNECT" MECHANISM
I have no idea how to prevent root from access data in one of this ways :
root @ linux:~#su - postgres
postgres @ linux:/usr/local/pgsql/bin$pg_dump ....
or
edit pg_hba.conf
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trust
or my nightmare a cygwin on Win 98 everybody can can access everything :-((((
On Tue, 22 Oct 2002, Igor Georgiev wrote:
edit *pg_hba.conf *
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trustwhat about reading pg_hba.conf comments?
local all md5Ok, but my question actually isn't about pg_hba.conf comments, i read enough
but what will stop root from adding this lines or doing su - postgres ??
Nothing, root is GOD in unix. He can do whatever he wants.
Import Notes
Reply to msg id not found: 00e301c279e5cb03f0e00b0546c0@alpha.bg | Resolved by subject fallback
On Tue, 2002-10-22 at 12:12, Igor Georgiev wrote:
edit *pg_hba.conf *
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trustwhat about reading pg_hba.conf comments?
local all md5Ok, but my question actually isn't about pg_hba.conf comments, i read enough
but what will stop root from adding this lines or doing su - postgres ??
Next your going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as it's source :)
If you want to prevent root from accomplishing these things, you're
going to have to look to your kernel for help. The kernel must prevent
root from changing users, starting / stopping applications, or touching
certain filesystems.
PostgreSQL will let you put a password on the data. But that only works
if they actually try to use PostgreSQL to get at the data.
There are a couple of tools which were designed to recover database data
while the db is not running.
--
Rod Taylor
Import Notes
Reply to msg id not found: 00e301c279e5cb03f0e00b0546c0@alpha.bg
On Tue, 22 Oct 2002, Igor Georgiev wrote:
edit *pg_hba.conf *
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trustwhat about reading pg_hba.conf comments?
local all md5Ok, but my question actually isn't about pg_hba.conf comments, i read enough
but what will stop root from adding this lines or doing su - postgres ??
Not much really. But given that they have access to the raw data
files, preventing them access to the server doesn't gain you that
much if they really want to get the data.
Import Notes
Reply to msg id not found: 00e301c279e5cb03f0e00b0546c0@alpha.bg | Resolved by subject fallback
"Igor Georgiev" <gory@alphasoft-bg.com> writes:
Ok, but my question actually isn't about pg_hba.conf comments, i read enough
but what will stop root from adding this lines or doing su - postgres ??
As somebody already pointed out, you *must* trust the people with root
access to your machine; there is not anything you can do to defend
yourself against them. If you can't trust the admins on the machine
you're using, better get your own machine.
regards, tom lane
Import Notes
Reply to msg id not found: 00e301c279e5cb03f0e00b0546c0@alpha.bg
edit *pg_hba.conf *
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trustwhat about reading pg_hba.conf comments?
local all md5
Ok, but my question actually isn't about pg_hba.conf comments, i read enough
but what will stop root from adding this lines or doing su - postgres ??
They can just read the raw database files as well.
wow I'm not sure
how about this
edit pg_hba.conf
# Allow any user on the local system to connect to any
# database under any username
local all trust
su - posgres
psql test -U dba
or
pg_dump test
Show quoted text
You have to be able to trust whoever has root access to the system, as well as anyone who has
physical access to the system.
Next your going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as it's source :)
He he i'm enough paranoic :))
If you want to prevent root from accomplishing these things, you're
going to have to look to your kernel for help. The kernel must prevent
root from changing users, starting / stopping applications, or touching
certain filesystems.PostgreSQL will let you put a password on the data. But that only works
if they actually try to use PostgreSQL to get at the data.
use PostgreSQL to get at the data - Yeah this will be enough
i want just only REVOKE CONNECT PRIVILEGES on database
On Tue, Oct 22, 2002 at 05:05:38PM +0200, Igor Georgiev wrote:
or my nightmare a cygwin on Win 98 everybody can can access everything
Or =my= nightmare: Anything important on any Windows platform.
-crl
--
Chad R. Larson (CRL22) chad@eldocomp.com
Eldorado Computing, Inc. 602-604-3100
5353 North 16th Street, Suite 400
Phoenix, Arizona 85016-3228
Next your going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as it's source :)
He he somebody can blow up ur home with C4, but this don't stop you from
locking ur door !?!
On Fri, 25 Oct 2002, Igor Georgiev wrote:
Next your going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as it's source :)He he somebody can blow up ur home with C4, but this don't stop you from
locking ur door !?!
It's more equivalent to giving him the keys and then wondering why the
lock doesn't stop him.