Re: [GENERAL] How do I activate and change the postgres user's password? - Mailing list pgsql-hackers

From Aaron J. Seigo
Subject Re: [GENERAL] How do I activate and change the postgres user's password?
Date
Msg-id 99101411074605.25873@stilborne
In response to Re: [GENERAL] How do I activate and change the postgres user's password?  (Lincoln Yeoh <lylyeoh@mecomb.com>)
List pgsql-hackers
hi...

> >There is a todo item for the postgres user to have a password by default.
> >I'm not sure though how that would be done. Probably in initdb. (?)
>
> Initdb sounds ok. Just have no password by default. \N is strange!

or how about a prompt for a password? when you run initdb it asks for a
password? or even a yes/no? i don't like leaving things to command line
switches, it's too easy for a user to ignore/be ignorant of them and create a
situation that isn't secure or isn't what they want w/out knowing it. this only
reflects badly on the product at large instead of the clueless admin. :o/


> >> 2) Neither is there an obvious and easy way to change the user's password.
> >
> >alter user joe with password "foo";
> >
> >I'm not sure how obvious it is but it's certainly easy.
>
> Hmm, I couldn't find that tho. And I did look at the Admin guide docs.

i wasn't aware of this either (being relatively new to postgres.. less than a
year) but it smacks of ugly, imo.

>
> >> I find the bundled scripts and their associated documentation make things
> >> very nonintuitive when one switches from a blind trust postgres to an
> >> authenticated postgres.
> >
> >So that would put your vote in the "drop altogether" column? Voting is
> >still in progress!
>
> I'm neutral. I don't mind doing everything from psql.
>
> Perhaps the Admin guide should have a section on "How Real Postgres Admins
> do stuff"- e.g. using psql for admin stuff.

personally, i think that psql should not be allowed to do any admin stuff..
otherwise it becomes a potential security hazard on a machine used by lots of
people. it should (imo) only be a database structure and data
retrieval/manipulation tool...

admin functions should occur from a separate stand alone program. this way, you
avoid the ugliness of the scripts, which are inherently inflexible and bound to
be broken... also, you have one central agency that can be put under the
permissions of the postgres user or the DBA group on the box it's installed on.

also, if it's a stand-alone command-line program (C/C++/whatever) we can then
put a nice GUI front end on it and have a graphical admin tool which would be
AMAZINGLY useful. i'd probably even be willing to help write it (i'm just now
dipping into the world of QT and finding it extremely exciting =)

this would also demand that we all "sit down" and come up with a standard, well
thought-out process for security to be implemented in the admin tool.
perhaps even a different mailing list would be in order for this ...

the things i would love the admin tool to cover are (in no particular order):

o creating and admining users
   o passwords
   o access privileges
o creating databases
o creating and admining back up policies and procedures
o maintaining a postgres installation
   o disk usage
   o postmaster options
   o back-end options
   o default policies for new databases
o logging and usage analysis
o source code management (important, imo, for open source projects)
   o compile-time options (with/without TCL, etc)
   o application of patches (to alleviate the need to do this "by hand")
   o upgrading from version w.x to version x.y

the tool could be made modular, so we can create a skeleton system and
add/remove/alter modules as we (the user community) desire.

> Is it just me, or is installing Oracle based on the Oracle installation
> manual like doing surgery following an academic textbook? e.g. chapter 1
> has 100 ways to do an incision. Chapter 2 has 20 ways on sewing up. Chapter
> 3 discusses anaesthesia. Chapter 4- tying blood vessels, (by the way please
> refer to chapter 2 for more sewing hints).. And so on. In the end one has

ROFL!!!! yes!!!! why is it that commercial software vendors INSIST on making
their manuals so arcane that they are as readable as the product is usable
w/out a manual? haha...

--
Aaron J. Seigo
Sys Admin
