Bruce Momjian writes:
> I have an idea for the Unix socket file permissions and local 'trust'
> permissoins as default. Right now we allow the socket permissions to be
> set in postgresql.conf, but that seems like the wrong place for it.
>
> Suppose we add an option to pg_hba.conf for 'local' connections called
> 'singleuser' and 'singlegroup' which set enable socket permissions only for the
> postgres super-user or his group.
This is neither necessarily better, nor even possible.
The pg_hba.conf file describes a set (or list) of rules whose input values
are certain known parameters from the connection request and whose output
value is an authentication method. The permissions of the socket operate
on a completely different level: they are considered before a connection
request is even generated from the postmaster's point of view, and they
don't describe any part of any rule that evaluates to an authentication
method, instead they are a scalar state variable of the server.
You can have more than one 'local' record, but you can have only one set
of permissions for the socket, so it wouldn't work in general cases.
Moreover, attaching the permissions to each record gives users a view of
the world which really isn't there, which is quite worse, considering that
it's a security-related issue.
--
Peter Eisentraut peter_e@gmx.net
