Thread: All users can enter as one user "puser" without superuser priviledges: how?

All users can enter as one user "puser" without superuser priviledges: how?

From
Jameson Burt
Date:
I seek a simplistic access,

1. superuser "postgres" gets access when his system-name is "postgres",
   but not otherwise [some security sought].
   This can be done in pg_hba.conf with either
      local all  peer sameuser
      local all trust   #but anyone then gets "postges" access.

2. One other user, say "puser", gets access whatever his system-name.
   The above
      local all peer sameuser
   disallows an arbitrary username entering as  "psql template1 -U puser".
   One can use
      host all 127.0.0.1 255.0.0.0 ident jimsmap
   then have pg_ident.conf  with 1000 user entries like
      jimsmap    jameson  puser
   However, I seek a simpler method for numerous users,
   each of whom will be granted access as user "puser".
   ANY IDEAS?




--
Jameson C. Burt, NJ9L   Fairfax, Virginia, USA
jameson@coost.com       http://www.coost.com
(202) 690-0380 (work)

Re: All users can enter as one user "puser" without

From
"Andrew G. Hammond"
Date:
On Mon, 2001-12-17 at 01:42, Jameson Burt wrote:
> I seek a simplistic access,
>
> 1. superuser "postgres" gets access when his system-name is "postgres",
>    but not otherwise [some security sought].
>    This can be done in pg_hba.conf with either
>       local all  peer sameuser
>       local all trust   #but anyone then gets "postges" access.
>
> 2. One other user, say "puser", gets access whatever his system-name.
>    The above
>       local all peer sameuser
>    disallows an arbitrary username entering as  "psql template1 -U puser".
>    One can use
>       host all 127.0.0.1 255.0.0.0 ident jimsmap
>    then have pg_ident.conf  with 1000 user entries like
>       jimsmap    jameson  puser
>    However, I seek a simpler method for numerous users,
>    each of whom will be granted access as user "puser".
>    ANY IDEAS?

Have each user log in from the same UNIX account.

Instead of trying to make all users into one user, which is almost never
a good idea, why not just use the PUBLIC concept in the database's
access control system?  Give each user their own userid, and GRANT
necessary access to PUBLIC.

--
Andrew G. Hammond     mailto:drew@xyzzy.dhs.org
http://xyzzy.dhs.org/~drew/
56 2A 54 EF 19 C0 3B 43 72 69 5B E3 69 5B A1 1F
613-389-5481
5CD3 62B0 254B DEB1 86E0  8959 093E F70A B457 84B1
"To blow recursion you must first blow recur" -- me

Attachment