Re: PostgreSQL DBI DBD::Pg Access Problem - Mailing list pgsql-general

From postgresql@finner.de
Subject Re: PostgreSQL DBI DBD::Pg Access Problem
Date
Msg-id XFMail.011224084416.postgresql@finner.de
Whole thread Raw
In response to PostgreSQL DBI DBD::Pg Access Problem  (Samizdatt <Samizdatt@earthlink.net>)
List pgsql-general
On 24-Dec-01 Samizdatt sat down, thought for a long time and then wrote:
>
> I created 2 users in addition to postgres with the createuser
> command. These users have actual corresponding accounts on the
> system.
>
> (1)postgres - can create users and databases
> (2)root - can create databases
> (3)wwwrun - is just the web server account that can neither create
> databases nor users

Did you grant some rights for using the databases created by anybody
else (root, postgres) to the user "wwwrun"? It is not enough just to
have that user, the owner of the database (usually the creator) or any
database masteruser must grant specific rights to any other user who
should work with the database. Especially wwwrun, who may not create
his own database, must be given at least some rights, "SELECT" for
example.

>
> I modified the pg_hba.conf to temporarily allow connections from all
> users on the box by adding the following lines to the file:
>
> local all     trust
> host  all     127.0.0.1       255.255.255.255         trust
> host  all     10.10.10.50     255.255.255.255         trust
>

This means that all postgres users (postgres, root, wwwrun) on that
host may connect to the database engine without further examination, but
not, that they can do anything else, using a database for example. ;-)

> I can connect to any of the PostgreSQL databases through any of the 3
> user accounts using psql, but I can only connect to the databases
> with my web server cgi & command line Perl DBI/DBD::Pg applications
> by including "postgres" as the user in my DBI database handles. I'd
> like to be able to connect to the databases using the wwwrun user
> account that is restricted from creating both users and databases in
> my DBI based applications and cgi scripts.
>
> Since the pg_hba.conf is set to allow any user with an account in the
> PostgreSQL database to connect from my box, and I can connect to any
> of the databases through any of the 3 accounts using psql, shouldn't
> my DBI based cgi & command line Perl applications be able to connect
> to the same databases using any of the 3 postgres user accounts I
> created using createuser?

No, the user just may connect to the engine, but without granted rights
they may do nothing, at least wwwrun.

> Now, only including "postgres" as the user
> in my DBI/DBD::Pg database handles allows my cgi & command line
> programs to access my PostgreSQL data
> bases.
> *****************************************************
>
> Thank you for any assistance.
>

Hope it helps.

Greetings,
--
Frank Finner

And now there is no turning back at all.
                              (M. Moorcock, "Elric Of Melnibone")"

pgsql-general by date:

Previous
From: Steven Lane
Date:
Subject: postgres 7.1on Mac OS 10.1
Next
From: tony
Date:
Subject: Database recovery