Re: PostgreSQL DBI DBD::Pg Access Problem - Mailing list pgsql-general
From | postgresql@finner.de |
---|---|
Subject | Re: PostgreSQL DBI DBD::Pg Access Problem |
Date | |
Msg-id | XFMail.011224084416.postgresql@finner.de Whole thread Raw |
In response to | PostgreSQL DBI DBD::Pg Access Problem (Samizdatt <Samizdatt@earthlink.net>) |
List | pgsql-general |
On 24-Dec-01 Samizdatt sat down, thought for a long time and then wrote: > > I created 2 users in addition to postgres with the createuser > command. These users have actual corresponding accounts on the > system. > > (1)postgres - can create users and databases > (2)root - can create databases > (3)wwwrun - is just the web server account that can neither create > databases nor users Did you grant some rights for using the databases created by anybody else (root, postgres) to the user "wwwrun"? It is not enough just to have that user, the owner of the database (usually the creator) or any database masteruser must grant specific rights to any other user who should work with the database. Especially wwwrun, who may not create his own database, must be given at least some rights, "SELECT" for example. > > I modified the pg_hba.conf to temporarily allow connections from all > users on the box by adding the following lines to the file: > > local all trust > host all 127.0.0.1 255.255.255.255 trust > host all 10.10.10.50 255.255.255.255 trust > This means that all postgres users (postgres, root, wwwrun) on that host may connect to the database engine without further examination, but not, that they can do anything else, using a database for example. ;-) > I can connect to any of the PostgreSQL databases through any of the 3 > user accounts using psql, but I can only connect to the databases > with my web server cgi & command line Perl DBI/DBD::Pg applications > by including "postgres" as the user in my DBI database handles. I'd > like to be able to connect to the databases using the wwwrun user > account that is restricted from creating both users and databases in > my DBI based applications and cgi scripts. > > Since the pg_hba.conf is set to allow any user with an account in the > PostgreSQL database to connect from my box, and I can connect to any > of the databases through any of the 3 accounts using psql, shouldn't > my DBI based cgi & command line Perl applications be able to connect > to the same databases using any of the 3 postgres user accounts I > created using createuser? No, the user just may connect to the engine, but without granted rights they may do nothing, at least wwwrun. > Now, only including "postgres" as the user > in my DBI/DBD::Pg database handles allows my cgi & command line > programs to access my PostgreSQL data > bases. > ***************************************************** > > Thank you for any assistance. > Hope it helps. Greetings, -- Frank Finner And now there is no turning back at all. (M. Moorcock, "Elric Of Melnibone")"
pgsql-general by date: