Hi,
Don't think this made it the first time...
Thanks,
Andrew
---------- Forwarded message ----------
Date: Sat, 26 Aug 2000 15:45:55 +1000 (EST)
From: andrew@ugh.net.au
To: pgsql-general@postgresql.org
Subject: Local Users "su'ing"
Hi,
I'm running postgresql 7.0.2 under FreeBSD 4.1-STABLE. If a user runs
pgsql from the command line and then types \c - <user> they can connect to
the database with the priveleges of <user>. No password is required,
presumably because of the line in pg_hba.conf:
local all trust
Great fun for someone who su's to pgsql...
A couple of questions...
1) This seems to be an odd default behaviour. Should it be documented
fairly clearly somewhere (perhaps it is but I missed it) or should the
default pg_hba.conf require passwords?
2) Is it possible to not require passwords if the local user connects to
postgres as a postgres user of the same name but require a password in all
other circumstances?
Thanks,
Andrew
