Re: user privilages for executing pg_autovacuum? - Mailing list pgsql-general

From Zlatko Matic
Subject Re: user privilages for executing pg_autovacuum?
Date
Msg-id 004301c5d0aa$3f8dea10$52bffea9@zlatkovyfkpgz6
Whole thread Raw
In response to user privilages for executing pg_autovacuum?  (Zlatko Matić <zlatko.matic1@sb.t-com.hr>)
List pgsql-general
No, I didn't try ident authentication...
It seems to me that security issues should be passd to client company's
system administrator ?


----- Original Message -----
From: "Jim C. Nasby" <jnasby@pervasive.com>
To: "Zlatko Matic" <zlatko.matic1@sb.t-com.hr>
Cc: "Tom Lane" <tgl@sss.pgh.pa.us>; "Matthew T. O'Connor"
<matthew@zeut.net>; <pgsql-general@postgresql.org>
Sent: Thursday, October 13, 2005 9:35 PM
Subject: Re: [GENERAL] user privilages for executing pg_autovacuum?


> AFAIK you can't, and there's not really much point anyway. Anyone with
> taccess to that file will be able to connect to the database.
>
> Have you looked at using ident authentication on localhost?
>
> On Wed, Oct 12, 2005 at 10:12:31AM +0200, Zlatko Matic wrote:
>> If I put password in pgpass file it's still a plain text. How to hide it
>> ?
>>
>> ----- Original Message -----
>> From: "Jim C. Nasby" <jnasby@pervasive.com>
>> To: "Tom Lane" <tgl@sss.pgh.pa.us>
>> Cc: "Zlatko Mati?" <zlatko.matic1@sb.t-com.hr>; "Matthew T. O'Connor"
>> <matthew@zeut.net>; <pgsql-general@postgresql.org>
>> Sent: Wednesday, October 12, 2005 1:14 AM
>> Subject: Re: [GENERAL] user privilages for executing pg_autovacuum?
>>
>>
>> >On Tue, Oct 11, 2005 at 02:39:24PM -0400, Tom Lane wrote:
>> >>=?iso-8859-2?Q?Zlatko_Mati=E6?= <zlatko.matic1@sb.t-com.hr> writes:
>> >>> That's the reason why I ask. If a user that executes pg_autovacuum
>> >>> must
>> >>> be
>> >>> owner of tables or a superuser, that it is a security problem to pass
>> >>> password as plain text...
>> >>> How peple solve this problem ?
>> >>
>> >>Put the password in a ~/.pgpass file belonging to the user that runs
>> >>the
>> >>autovacuum task.
>> >
>> >Or you can run pg_autovacuum on the server itself and allow ident
>> >authentication for unix sockets (assuming you're on unix/linux).
>> >--
>> >Jim C. Nasby, Sr. Engineering Consultant      jnasby@pervasive.com
>> >Pervasive Software      http://pervasive.com    work: 512-231-6117
>> >vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461
>> >
>> >---------------------------(end of broadcast)---------------------------
>> >TIP 3: Have you checked our extensive FAQ?
>> >
>> >              http://www.postgresql.org/docs/faq
>>
>>
>> ---------------------------(end of broadcast)---------------------------
>> TIP 5: don't forget to increase your free space map settings
>>
>
> --
> Jim C. Nasby, Sr. Engineering Consultant      jnasby@pervasive.com
> Pervasive Software      http://pervasive.com    work: 512-231-6117
> vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
>       choose an index scan if your joining column's datatypes do not
>       match


pgsql-general by date:

Previous
From: han.holl@informationslogik.nl
Date:
Subject: Postgres logs to syslog LOCAL0
Next
From: Josephine de Castro
Date:
Subject: Using LISTEN/NOTIFY in C#.NET