I am trying to setup a computer where only the database can read/write to a partition. Basically, all other entities should fail. One thing I was thinking about was making the database own the partition itself (is this even possible?) but the problem is if someone can masquerade as the database user, this protection is weakened. I was wondering if there is a better way to do this...
EDIT: When I was googling for a solution, I came across a concept called instance-owning database partition. Would someone please explain what that is and if its relevant to my problem?
Thanks
There is no way you can make a database exclusively own a partition. You certainly can reserve the partition for use by the database and it can do raw read and writes to the partition.
Thank You... I'm sorry if its a silly question but what is the difference between owning and reserving a partition?
This is just a confusion of terms I think. I don't think "instance owning database partition" is the same thing at all, it sounds like something happening inside the database, not a partition outside of it; and a database won't be able to do much with a partition, but could store files inside its filesystem if you give it one. Usually, only root has access to the partitions; the filesystems inside them keep their own counsel so to speak.
A partition in OS terms is just a slice of disk space. It acts like a huge file of fixed size. A database wouldn't find this too useful unless you have something extremely specific in mind, nor would most other things, they'd rather create many files of smaller size and directories to order them; so usually a filesystem is created in these partitions.
Once the filesystem is created inside the partition, it can be mounted by the OS, after which it acts just like a directory. It has a user and group like any other directory and can be owned by whatever user you want irrespective of who has raw access to the partition.
What's the motivation behind this? Exclusive access to the partition, so nobody can read the database files or so there can be enough space guaranteed for the database application?
If the former is the reason, I'd suggest using encryption. The latter can achieved through file system quotas, I believe.
Good luck!