Home > mailing lists

Re: REVOKE CONNECT doesn't work in 8.3.5 - Mailing list pgsql-general

From	Tom Lane
Subject	Re: REVOKE CONNECT doesn't work in 8.3.5
Date	December 19, 2008 12:43:41
Msg-id	6975.1229694215@sss.pgh.pa.us Whole thread Raw
In response to	REVOKE CONNECT doesn't work in 8.3.5 (Zoltan Boszormenyi <zb@cybertec.at>)
Responses	Re: REVOKE CONNECT doesn't work in 8.3.5 (Zoltan Boszormenyi <zb@cybertec.at>)
List	pgsql-general

Tree view

Zoltan Boszormenyi <zb@cybertec.at> writes:
> I have "trust" entries in pg_hba.conf because my machine is closed.
> I added some PG users, and one of them was used in:

> REVOKE CONNECT ON DATABASE zozo FROM hs;

> However, user "hs" can happily connect to database "zozo"
> despite the REVOKE.

Unless you had previously done a specific GRANT CONNECT TO hs,
the above command doesn't do a darn thing.  The privilege that
actually exists by default is a grant of connect to PUBLIC.
What you need to do is REVOKE FROM PUBLIC, and then GRANT to
whichever users/groups you want to allow to connect.

            regards, tom lane

pgsql-general by date:

From: Thomas Kellerer
Date: 19 December 2008, 12:13:39
Subject: Re: How are locks managed in PG?

From: Zoltan Boszormenyi
Date: 19 December 2008, 13:21:45
Subject: Re: REVOKE CONNECT doesn't work in 8.3.5

Re: REVOKE CONNECT doesn't work in 8.3.5 - Mailing list pgsql-general

Previous

Next