I'm trying to setup a secure append-only database with PostgreSQL or MySQL. My idea for that is to generate a database where no admin/superuser accounts exists and only users with limited privileges can insert data to the database. The lack of superuser accounts should be no problem as the database will be setup completely from scratch if any admin changes need to be made.
My idea was to generate the database with an admin user (with an encrypted hash) and then immediately delete the admin user (or lock him out by setting the password to blank).
Is that a suitable approach?
2 Answers
This answer is about PostgreSQL.
You cannot drop a superuser unless you are a superuser yourself.
Nobody can drop the bootstrap superuser (normally postgres) because he owns the system objects.
Resetting the password won't prevent a user from logging in.
Keep the superuser around and don't allow it to connect.
For that, you could add the following lines at the beginning of pg_hba.conf:
# reject the bootstrap superuser on every IPv4 and IPv6 address
host all postgres 0.0.0.0/0 reject
host all postgres ::/0 reject
# if you are truly paranoid and want to forbid local connections
local all postgres reject
Don't forget to reload PostgreSQL after that.
- Thanks for the answer, but if the database runs on a machine locally, what prevents the hacker from just changing the pg_hba.conf file? The method could be easily changed to TRUST again, couldn't it? (Niklay, commented May 29, 2019 at 14:45)
- There is no way to keep an attacker with shell access as PostgreSQL OS user from breaking into the database. Don't even try. It will take an expert 5 minutes. What you should do is secure the database from remote attacks. (Laurenz Albe, commented May 29, 2019 at 16:32)
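The privilege side of the question (a role that can only INSERT), as an added PostgreSQL example that is not part of the original question or answer and complements the pg_hba.conf lines above. Table and role names (audit_log, app_writer) and the password placeholder are assumptions for illustration; run it once as the bootstrap superuser before its connections are rejected.

```sql
-- Run once as the bootstrap superuser, before pg_hba.conf rejects it.
-- Names below (audit_log, app_writer) are assumed for illustration.
CREATE ROLE app_writer LOGIN PASSWORD 'change-me-placeholder';

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    recorded_at timestamptz NOT NULL DEFAULT now(),
    payload     jsonb       NOT NULL
);

-- Start from nothing: only the owner (the superuser) keeps rights,
-- then hand out exactly INSERT (add SELECT only if readers need it).
REVOKE ALL ON TABLE audit_log FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;      -- app roles create no objects
GRANT USAGE ON SCHEMA public TO app_writer;
GRANT INSERT ON TABLE audit_log TO app_writer;
-- bigserial's default calls nextval() as the inserting role, so the
-- role needs USAGE on the sequence or the INSERT fails.
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_writer;

-- Sanity check: switch to the limited role and confirm the grants bite.
SET ROLE app_writer;
INSERT INTO audit_log (payload) VALUES ('{"event": "constructed sample"}');
-- Each of the following raises: ERROR: permission denied for table audit_log
-- UPDATE audit_log SET payload = '{}';
-- DELETE FROM audit_log;
-- TRUNCATE audit_log;
RESET ROLE;
```

As the comments above note, this only constrains database roles; anyone with shell access as the PostgreSQL OS user can still bypass it.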
Both databases offer superuser access to the person who installed them, e.g. PostgreSQL's single-user mode and MySQL's --skip-grant-tables.
If you want to hide information from the user, don't store it on their computer. You could try encrypting it, and that will work until they figure out how you have encrypted it.
Given that you've set the owner of the computer up as your adversary you may be able to use the TPM to help you, but that would be off-topic here.