Re: pg_hba.conf alternative

From: Rick Gigger <rick(at)alpinenetworking(dot)com>
To: Tino Wildenhain <tino(at)wildenhain(dot)de>
Cc: Q Beukes <pgsql-dev(at)list(dot)za(dot)net>, Postgresql Dev <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba.conf alternative
Date: 2006-02-13 08:34:30
Message-ID: 2507637E-4EA6-410F-AFCE-08898B13934D@alpinenetworking.com
Lists: pgsql-hackers

>> how? is there some kernel patch to completely to enable you to deny
>> access to root?
>> Tino Wildenhain pointed out SELinux has a feature like that.
>
> I still don't get your problem (apart from that you can always
> google for SELinux)
>
> Why aren't the other "admins" not trustworthy? And why do you
> have many of them? If they only check logs and create users,
> why do they have to be admins? They could use carefully
> configured sudo as well to fulfill their tasks w/o full
> access to the system.
>
> I'd say, grep your problem at the root (literally spoken)

Yes. Exactly. I guess I misunderstood the situation. Admin is a
vague word. It could mean db admins, it could mean a system
administrator for that computer etc. I apologize if that was
specified earlier in the discussion. I just assumed that if you
didn't want them to be able to edit the conf file that they wouldn't
have root because well... that just seems obvious. I realize though
that you don't need real security but rather a small barrier to give
the management the warm fuzzies.

I'm sure that you have your reasons but if you could make them
non-root users and give them privileges to do what they need to do
with sudo or something but not give them perms on the hba file then
that would seem to be a better solution all around than compiling
your own custom postgres.

Just a suggestion.
