[CentOS] PostgreSQL/SELinux Error - relation "pg_catalog.pg_user" does not exist

Tue May 24 16:13:52 UTC 2005
John Logsdon <j.logsdon at quantex-research.com>

Well apart from the furore that my comments generated (which I did put in
a rant and apologise for!), these came from people who already are if not
sysadmins, well capable of being so.  

I understand that by adding someone to your group, they can access your
data.  All of it.  So you have an all or nothing scenario.  And you can
access someone else's data in the same manner.

But the original idea behind groups as far as I understand it was that
they could define a project. The way RH have implemented it, all projects
have one person and projects = persons.  The way Debian have implemented
it, all users are in the same project = there is only one project.

The issue really of course is that you (ordinary hardworking(?) users)
can't grant other people access to your data at all.  You have to get the
sysadmin to do it for you.  So in a busy environment, sysadmins are likely
to welcome such trivial requests with the open arms of prevarication.
Sometimes boxes of chocolates or bunches of flowers may make this a rather
quicker procedure - or just being nice can work wonders I believe.

The other way is to use POSIX ACLs - which are a great improvement because
they give the user the control.  But again these only define a user,
groups or other - to define access to a group of people still requires
someone to define the group.  Back to charming the sysadmin.

Still it makes for an interesting discussion. :-)))

Pip pip

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Tue, 24 May 2005, Peter Farrow wrote:

> As you have pointed out it restricts the security granularity of the 
> system, which in turn will lead to other "work arounds" to achieve 
> better granularity and those work arounds will ultimately lead to 
> sloppiness, making John's point very valid indeed.
> 
> I am glad you found it funny, it's always best to keep a light hearted 
> approach and stand back and laugh at yourself from time to time, it took 
> you long enough but you got there in the end, and not through any lack 
> of effort on your part either ;-)
> 
> well done
> 
> P.
> 
> 
> Feizhou wrote:
> 
> > Peter Farrow wrote:
> >
> >> "This allows usera to give userb but no others (other than root of 
> >> course) full permissions on files that usera wants to share with 
> >> userb (0770). How else can usera do this if not via usera's group 
> >> permissions"
> >>
> >> they can't if they are each in non joined groups, which is why 0770 is 
> >> the same as 0700
> >
> >
> > LOL. I cannot believe that the point was that because new users would 
> > be created with their own uid and gid and their home directory 
> > ownership set to the same makes a system more sloppy security wise.
> >
> > Other than this facilitating the future use/need for usera to allow 
> > only select users to access some of usera's files, it makes no 
> > difference to the 'security sloppiness' of the system.
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> 
>
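
The group and ACL behaviour argued over in this thread, as an added example that is not part of any poster's message: a simplified Python model of the owner / named user / group / other permission check. The user, group and file names are constructed, the "one group for everyone" case is the layout the thread attributes to Debian, and the model leaves out named-group ACL entries.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset  # primary plus supplementary groups

@dataclass
class File:
    owner: str
    group: str
    mode: int                                      # e.g. 0o770
    acl_users: dict = field(default_factory=dict)  # named-user ACL entries
    acl_mask: int = 0o7                            # caps every non-owner ACL entry

def allowed(user, f, want):
    """The first matching class decides: owner, named user, group, other."""
    if user.name == f.owner:
        perms = (f.mode >> 6) & 7
    elif user.name in f.acl_users:
        perms = f.acl_users[user.name] & f.acl_mask
    elif f.group in user.groups:
        perms = (f.mode >> 3) & 7
        if f.acl_users:            # with an ACL present the mask also caps the group
            perms &= f.acl_mask
    else:
        perms = f.mode & 7
    return perms & want == want

def readers(users, f):
    return sorted(u.name for u in users if allowed(u, f, R))

def make_users(shared_group=None):
    """Constructed users: private groups, or one shared group for everyone."""
    return [User(n, frozenset({shared_group or n})) for n in ("usera", "userb", "userc")]

private = make_users()
shared = make_users("users")

# One private group per user: 0770 admits nobody that 0700 does not.
upg_0770 = readers(private, File("usera", "usera", 0o770))
upg_0700 = readers(private, File("usera", "usera", 0o700))
# One group for all users: 0770 admits every account.
one_group = readers(shared, File("usera", "users", 0o770))
# Named-user ACL entry set by the owner: only userb is added.
with_acl = readers(private, File("usera", "usera", 0o770, {"userb": R | W | X}))
```
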