Permissions problem - Mailing list pgsql-interfaces
| From | robert_hiltibidal_at_cms08405@ccmailgw.state.il.us |
|---|---|
| Subject | Permissions problem |
| Date | |
| Msg-id | 9906259303.AA930325869@ccmailgw.state.il.us Whole thread Raw |
| List | pgsql-interfaces |
Morning, I have an interesting problem... I'm running postgres 6.4.2 on a linux 2.2.6 system. 64mg ram,
130mgswap. I have a distributed network system here. I have some people who are not local that need the root
passwordto the system. Access97 is favored here so I thought I'd create a table with the password and limit the
accessto only to those people. The idea is these and only these people can see what the root password is without
havingto page me. I installed the postgres odbc driver on 1 nt machine and the rest are win95 machines.
Thedriver was installed to prompt for the username and password. I did take out the read only flags. There are
other tables these people have access to and need to be able to edit. The main Access97 database is stored on
anovell system a couple of floors away. That database is called WebAdmin. I linked the root table between the
linuxserver and the WebAmin.mdb file stored on the Novell drive. I did not link the tables as root. I linked them
asuser1. Each of the people involved can see the tables. So far so good. The problem is I created the table
asroot on the linux server. I limited the perms to SELECT for the people involved. Yet, we found out the people
cando INSERT,UPDATE, and DELETE queries. I had thought since I was logged on as user1 and then su'd to root
thatthe server attached my real user id and the root uid, to the table. This does not seem to be the case. My www
usercannot access tables not assigned to it. I created the WebAdmin.mdb file from my NT box using my user1
nameand password. Access97 tends to keep things stored in the system tables that allows a networked office to
sharethe same information. As long as the DSN is the same for all the computers Access97 will let all the users
seethe same stuff. I thought perhaps Access97 was trapping my user1 name and password in the system tables but I
didnot find them. The DSN connection does not show my username and password. Another factor is I can log on
tothe linux system as anyone of the users and *still* change the data in the user table. This argues for the
hbanot being set up right. But the server will not accept IDENT in the auth portion. When they are on the linux
serverI want the postgres server to use the users actual uid assigned in the passwd file. If these
peoplecan alter the root table unimpeded then there's a good possibility some novell admin can do the same. In
short,I'm being justifiably paranoid. Attached is the root.sql file used to create the table and the
restrictions I set on it. When I created this table I was su'd to root. I was not the postgres user. Is it possible
Ididn't set up the perms right? I've also included a portion of the hba table. Any ideas? -Rob --
Y2KProject Postgres SQL Server Data Dictionary -- Created by Robert Hiltibidal -- 25-JUN-99 DROP TABLE
root; CREATE TABLE root ( password varchar (10), recnum varchar (5) ); GRANT
SELECTon root to user1; GRANT SELECT on root to user2; GRANT SELECT on root to user3; GRANT SELECT on root to
user4; GRANT SELECT on root to user5; GRANT SELECT on root to user6; REVOKE INSERT,UPDATE,DELETE on root from
user2; REVOKE INSERT,UPDATE,DELETE on root from user3; REVOKE INSERT,UPDATE,DELETE on root from user4; REVOKE
INSERT,UPDATE,DELETEon root from user5; REVOKE INSERT,UPDATE,DELETE on root from user6; REVOKE
INSERT,UPDATE,DELETEon root from user1; ##############HBA Table local all
trust host all 0.0.0.0 0.0.0.0 password y2k
pgsql-interfaces by date: