| From: | Ron <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Q: pg_hba.conf separate database names file format |
| Date: | 2022-11-09 10:02:43 |
| Message-ID: | 14a96ca8-cba4-ec09-4420-b71c0719e8c8@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 11/8/22 23:19, Michael Paquier wrote:
> On Tue, Nov 08, 2022 at 02:16:03PM +0100, Albrecht Dreß wrote:
>> However, I could not find a specification of the format for this
>> file… It appears as if simply giving each database name on a
>> separate line does the job. Is this correct? May the file contain
>> comments (i.e. lines starting with “#”) or empty lines? May the
>> file be specified including a path (e.g. “@/some/path/databases”)?
> I have been playing with this code for the last couple of days, and
> the answer is that you can use an absolute path or a relative path.
> In the case of a relative path, the code considers the base directory
> as the parent directory of the file this is included in. For example,
> /data/pg/pg_hba.conf including a @databases.conf resolves as
> /data/pg/databases.conf, and a @conf/databases.conf resolves as
> /data/pg/conf/databases.conf.
>
> The parsing of these files uses the same rules as what's done for
> pg_hba.conf and pg_ident.conf, so you can specify a list of
> user names separated by commas or even spaces, or put one name per
> line. Comments beginning with '#' are ignored.
>
> If you want to play with your file and see the results, I would
> recommend to tweak the files, and then look at the contents generated
> in the system view pg_hba_file_rules. Querying pg_hba_file_rules
> loads directly the configuration files from disk, so there is no need
> to reload or restart the server to see the effects any modifications
> would have.
>
> The documentation has already some descriptions, that you've missed,
> perhaps:
> https://www.postgresql.org/docs/15/auth-pg-hba-conf.html
> "Files included by @ constructs are read as lists of names, which can
> be separated by either whitespace or commas. Comments are introduced
> by #, just as in pg_hba.conf, and nested @ constructs are
> allowed. Unless the file name following @ is an absolute path, it is
> taken to be relative to the directory containing the referencing
> file."
Are these "include" files supposed to solve the problem of having a *lot* of
databases (or users) that you want to allow access to?
--
Angular momentum makes the world go 'round.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | n.kobzarev | 2022-11-09 11:11:33 | Unnecessary locks for partitioned tables |
| Previous Message | 黄宁 | 2022-11-09 07:46:26 | write an analyze_function for own type |