Re: [OT?] permissions - Mailing list pgsql-sql

From Peter Eisentraut
Subject Re: [OT?] permissions
Date
Msg-id Pine.LNX.4.30.0111191432520.612-100000@peter.localdomain
In response to [OT?] permissions  ("Clayton Cottingham aka drfrog" <drfrog@smartt.com>)
Responses Re: [OT?] permissions  ("Clayton Cottingham aka drfrog" <drfrog@smartt.com>)
List pgsql-sql
Clayton Cottingham aka drfrog writes:

> I'm trying to set up a 'one user one database scenario'

local    sameuser    ident    sameuser

This allows a Unix user joe to connect only as database user joe and only
to database joe.  The catch is that local ident doesn't exist until
release 7.2, but you can still use host ident.

> while still maintaining the postgres user account

local    all        ident    specialmap

where the specialmap only maps postgres to postgres.  (This presumes only
you have access to the Unix account postgres.)  Another option is to use
'password specialfile', where the specialfile only contains an entry for
postgres.  Then you'd need a password to get in as postgres, but you can
do so from any account.

Now let's look at your mistakes:

> local         all                     trust    postgres
> host         all     127.0.0.1     255.255.255.255     trust     postgres
>
> but then anyone can
> psql -U postgres
> and get in without password!

The word after "trust" doesn't mean anything.  trust is trust.

> so I try
>
> #local ident not avail! right?
> host         all     127.0.0.1     255.255.255.255     ident     postgres
>
> and get this
> psql: No pg_hba.conf entry for host localhost, user postgres, database postgres
> even though it says 'all'

I don't know if it's the cause of the message, but 'ident postgres'
doesn't seem right.  The word after ident is not a user name.

> one would think there should be an extra option on this of user to connect
>
> like
>
> local         mydb                 password passwd myuser
> host         mydb       127.0.0.1     255.255.255.255    password passwd
> myuser

There is:  You only list the users you want to be able to get in in the
'passwd' file.

-- 
Peter Eisentraut   peter_e@gmx.net
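
Added example (not part of the original message or of PostgreSQL): a small Python checker for the two pg_hba.conf mistakes pointed out above, a word after trust that is ignored and a user name where ident expects sameuser or a map name. It assumes the 7.x-era field layout used in this thread; parse_hba, audit, SAMPLE_HBA and the ident_maps set are hypothetical names, and the sample records are constructed from lines quoted in the thread.

```python
# Assumed record layout (7.x-era pg_hba.conf, as used in this thread):
#   local DBNAME AUTHTYPE [ARG]
#   host  DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [ARG]

# Constructed sample built from the records quoted in the thread.
SAMPLE_HBA = """\
local   all                                trust   postgres
host    all   127.0.0.1  255.255.255.255   trust   postgres
#local ident not avail! right?
host    all   127.0.0.1  255.255.255.255   ident   postgres
local   sameuser                           ident   sameuser
local   all                                ident   specialmap
"""

def parse_hba(text):
    """Yield (lineno, conn_type, database, auth_type, arg) per record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        # Index of the AUTHTYPE field depends on the connection type.
        auth_idx = {"local": 2, "host": 4}.get(fields[0])
        if auth_idx is None or len(fields) <= auth_idx:
            yield lineno, fields[0], None, "malformed", None
            continue
        arg = fields[auth_idx + 1] if len(fields) > auth_idx + 1 else None
        yield lineno, fields[0], fields[1], fields[auth_idx], arg

def audit(hba_text, ident_maps):
    """Return [(lineno, finding)]; ident_maps is the set of map names
    the caller has read from pg_ident.conf."""
    findings = []
    for lineno, conn, db, auth, arg in parse_hba(hba_text):
        if auth == "malformed":
            findings.append((lineno, "unparseable record"))
        elif auth == "trust":
            msg = "trust: no authentication, client picks any database user"
            if arg:
                msg += f"; trailing word {arg!r} is ignored"
            findings.append((lineno, msg))
        elif auth == "ident" and arg and arg != "sameuser" and arg not in ident_maps:
            findings.append(
                (lineno, f"ident argument {arg!r} is neither 'sameuser' nor a known map"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_HBA, {"specialmap"}):
        print(f"line {lineno}: {finding}")
```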


