Thread: Please add best practice concerning user accounts

Please add best practice concerning user accounts

From
PG Doc comments form
Date:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/11/postgres-user.html
Description:

The page describes the postgres user typically used as superuser for a
PostgreSQL cluster.
It would be useful to add information about best practices concerning the
use of this account (or better to avoid using this account) for DB
management and application connections.

Re: Please add best practice concerning user accounts

From
"David G. Johnston"
Date:
On Tue, Oct 20, 2020 at 9:08 AM PG Doc comments form <noreply@postgresql.org> wrote:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/11/postgres-user.html
Description:

The page describes the postgres user typically used as superuser for a
PostgreSQL cluster.
It would be useful to add information about best practices concerning the
use of this account (or better to avoid using this account) for DB
management and application connections.

I'm tending to agree that additional info along those lines is worthwhile to mention; but your comment seems to indicate that you are interpreting this user as being defined in the database when in fact it is the operating system user that is being described.

David J.

RE: Please add best practice concerning user accounts

From
Bram Mertens
Date:

Hi David,

Thanks for your quick reply.

I understand this is referring to the operating system user. But my understanding is that by default this user is *also* the superuser account of the database.

I've come across some quick-and-dirty setups where this operating system user was being used to manage the DB. And, even worse, used as the application user.

I've been unable to find any documentation that explains this is a bad idea.

Nor have I found any recommendation that in addition to this superuser account one or more accounts (roles) need to be created for management and use by clients/applications.

FYI the reason I was looking at this is that currently I'm struggling to set up an account and pg_hba configuration (https://www.postgresql.org/docs/11/auth-pg-hba-conf.html) that allows me to connect from a remote client.

Regards

Bram


From: David G. Johnston <david.g.johnston@gmail.com>
Sent: Tuesday, 20 October 2020 18:15
To: Bram Mertens <bram.mertens@anubex.com>; Pg Docs <pgsql-docs@lists.postgresql.org>
Subject: Re: Please add best practice concerning user accounts


On Tue, Oct 20, 2020 at 9:08 AM PG Doc comments form <noreply@postgresql.org> wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/11/postgres-user.html
Description:

The page describes the postgres user typically used as superuser for a
PostgreSQL cluster.
It would be useful to add information about best practices concerning the
use of this account (or better to avoid using this account) for DB
management and application connections.


I'm tending to agree that additional info along those lines is worthwhile to mention; but your comment seems to indicate that you are interpreting this user as being defined in the database when in fact it is the operating system user that is being described.


David J.
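The role layout Bram says he could not find documented, as an added example (it is not part of the thread and not from the PostgreSQL documentation): the postgres superuser is used once to bootstrap, then a non-superuser administration role owns the database and separate least-privilege roles serve the application. The database name (appdb), the role names (app_admin, app_readwrite, app_readonly, app_service), the password placeholders and the connection limit are assumptions; adjust them to the deployment.

```sql
-- Added example, not from the thread or the PostgreSQL docs.
-- Run once as the superuser (e.g. `sudo -u postgres psql`, peer auth),
-- then stop using that account for day-to-day administration or from applications.
-- All names and password placeholders below are assumptions.

-- PostgreSQL 11 still defaults to md5 password hashing; store SCRAM verifiers
-- for the roles created in this session instead (requires libpq 10+ on clients).
SET password_encryption = 'scram-sha-256';

-- 1. A non-superuser role for routine administration. CREATEDB/CREATEROLE
--    cover most management tasks, but the role cannot read server files,
--    run COPY ... PROGRAM, or bypass row security the way a superuser can.
CREATE ROLE app_admin LOGIN CREATEDB CREATEROLE PASSWORD 'change-me-admin';

-- 2. Optional hardening: if the superuser is only ever used locally via peer
--    auth, clear its password so password-based network logins for it cannot
--    succeed even if a pg_hba.conf line accidentally permits them.
ALTER ROLE postgres PASSWORD NULL;

-- 3. The application's database, owned by the admin role rather than postgres.
CREATE DATABASE appdb OWNER app_admin;

-- Everything below is per database; the runner continues in appdb.
\connect appdb

-- 4. Least-privilege group roles. They cannot log in; they only hold grants.
CREATE ROLE app_readwrite NOLOGIN;
CREATE ROLE app_readonly  NOLOGIN;

-- In PG 11 every role can still CREATE in schema public by default; revoke it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

GRANT USAGE ON SCHEMA public TO app_readwrite, app_readonly;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES    IN SCHEMA public TO app_readwrite;
GRANT USAGE, SELECT                   ON ALL SEQUENCES IN SCHEMA public TO app_readwrite;
GRANT SELECT                          ON ALL TABLES    IN SCHEMA public TO app_readonly;

-- Grants above only cover objects that already exist; make future tables and
-- sequences created by app_admin get the same privileges automatically.
ALTER DEFAULT PRIVILEGES FOR ROLE app_admin IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_readwrite;
ALTER DEFAULT PRIVILEGES FOR ROLE app_admin IN SCHEMA public
    GRANT USAGE, SELECT ON SEQUENCES TO app_readwrite;
ALTER DEFAULT PRIVILEGES FOR ROLE app_admin IN SCHEMA public
    GRANT SELECT ON TABLES TO app_readonly;

-- 5. The account the application actually connects with: login only,
--    privileges come from group membership, and a cap on open connections.
CREATE ROLE app_service LOGIN PASSWORD 'change-me-service' CONNECTION LIMIT 50;
GRANT app_readwrite TO app_service;

-- 6. Check: only postgres should report rolsuper = t, and the application
--    role should have neither CREATEROLE nor CREATEDB.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolcanlogin, rolconnlimit
FROM pg_roles
WHERE rolname NOT LIKE 'pg\_%'
ORDER BY rolname;
```

For the remote connection Bram mentions, pair this with pg_hba.conf entries that keep the superuser local and let only the service role in over the network, for example `local all postgres peer` followed by `hostssl appdb app_service 10.0.0.0/24 scram-sha-256` (the subnet is an assumption), and reload the server afterwards with `SELECT pg_reload_conf();`. Entries are matched top to bottom, so a broad `host all all 0.0.0.0/0 md5` line placed above these would silently override them.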