Re: Problems with user-level security - Mailing list pgsql-admin

From Peter Eisentraut
Subject Re: Problems with user-level security
Date
Msg-id Pine.LNX.4.30.0111072053310.835-100000@peter.localdomain
Whole thread Raw
In response to Problems with user-level security  (Nick Sayer <nsayer@quack.kfu.com>)
List pgsql-admin
Nick Sayer writes:

> On the one hand, I need
>
> local sameuser password
>
> because I have untrusted users who should only have access to their own
> databases.
>
> On the other hand, I do a nightly pg_dumpall as part of the backups so that
> I don't have to dump the actual database working areas. For that to work, I
> need to say
>
> local all password
>
> so that my backup script will work.

If you are only concerned about local access then you should consider
using 'ident' authentication.  In 7.1 this only works for TCP/IP
connections (so you have to go through 'localhost'), but in 7.2 it will
also work with local connections.  Another possibility is to use 'local
sameuser trust' and set a filesystem permission on the socket.  (See
unix_socket_* parameters in postgresql.conf.)  In 7.2 we'll also have PAM,
so you'll be able to do whatever you want.

--
Peter Eisentraut   peter_e@gmx.net


pgsql-admin by date:

Previous
From: Nick Sayer
Date:
Subject: Re: Problems with user-level security
Next
From: Tom Lane
Date:
Subject: Re: Problems with user-level security