Re:simple question for users and db - Mailing list pgsql-general

From Dragos Stoichita
Subject Re:simple question for users and db
Date
Msg-id SAK.2000.05.17.fonfcbgq@ddd
Whole thread Raw
In response to simple question for users and db  ("Nikolay Mijaylov" <nmmm@nmmm.nu>)
List pgsql-general
Original message from: "Nikolay Mijaylov"
>hi
>the question is pretty simple....
>I have a database, and I want to reject connection for some users...
>
>why:
>Ok, i can protect all tables into the database, but anyone (who is registred
>pgsql user) can connect and create tables into any database...
>
>why i ask:
>I just began a webhosting busines, and i want to give access to pgsql to my
>clients....
>
>what to do?
>
>merci
>

Hi,

In your database directory, you should have a pg_hba.conf file.
This file contains the authentification rules for your PostgreSQL database.

You write lines in this file to authorize users or not to access a given database:

The lines are of the form:

TYPE       DATABASE    IP_ADDRESS    MASK              USERAUTH  MAP

For example:

host       clients  112.124.21.0     255.255.255.0   password  clients_passwd

Authorizes all users from the subnet 112.124.21.0/255.255.255.0 to access the database
"clients" using an authentification of type "password" if they are in the password file
clients_passwd.

So for example, if you want to add users to "clients", first add them with the "createuser"
command, then do a "pg_passwd clients_passwd" to set the password for the given user.
Every other user not in clients_passwd or outside the subnet or not connecting via TCP/IP
will be rejected. There is also the type local, for connecting via pipes when you are on
tha same machine, so if you need to have local request, better add also this line:

local clients password clients_passwd

And don't forget to remove

host all 127.0.0.1 255.255.255.255 trust
local all trust

at the end of pg_hba.conf, as it comes by default.

If you need more help, please look at the syntax in pg_hba.conf, it is well explained, but
if you really can't understand or have a serious problem you can always try here.

Perhaps some people will give you a strong answer like "read the docs and shut up" or
something like that. But remember there are always some nice people in every forum or
mailing list that help you, even if you ask basic questions.

Good luck.

Dragos Stoichita.



pgsql-general by date:

Previous
From: Dragos Stoichita
Date:
Subject: Re: Am I really stupid???
Next
From: Lincoln Yeoh
Date:
Subject: Re: COPY fails to read source file