Re: Problems with user-level security

From: Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com>
To: Nick Sayer <nsayer(at)quack(dot)kfu(dot)com>
Cc: <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Problems with user-level security
Date: 2001-11-07 17:03:52
Message-ID: 20011107090246.N49204-100000@megazone23.bigpanda.com
Lists: pgsql-admin

On Tue, 6 Nov 2001, Nick Sayer wrote:

> Maybe it's just me, but I think pg_hba.conf needs a user column in it.
>
> On the one hand, I need
>
> local sameuser password
>
> because I have untrusted users who should only have access to their own
> databases.
>
> On the other hand, I do a nightly pg_dumpall as part of the backups so that
> I don't have to dump the actual database working areas. For that to work, I
> need to say
>
> local all password
>
> so that my backup script will work.
>
> What I *really* want is for an extra column to be added to pg_hba.conf to
> specify the user of interest. Like this:
>
> all local sameuser password
> backups local all password
> pgsql local all password
>
> Does this make any sense? Is there some way to achieve this I am missing?
> The only way I can do backups at the moment is introduce a race condition
> so that anyone can connect to any database they like at certain times of
> day. Not good.

If you're using password, couldn't you do this by specifying the file
to look up the passwords in (the optional last parameter) on the local
all line and then only put the backups/pgsql password in it?
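
Added example, not part of the message above or of PostgreSQL itself: a small Python model of the suggested layout, showing which pg_hba.conf record each local connection would hit and why the order of the two lines matters. It assumes the first matching record is used with no fall-through and that a password file limits its record to the users listed in it; the file name backup_users and the users alice and bob are constructed for illustration.

```python
# Simplified model (an assumption, not PostgreSQL source code) of how a
# server of that era picks a "local" pg_hba.conf record: the first record
# whose database field matches is used; later records are never tried.

# Constructed sample config: the sameuser line from the question plus the
# "all" line carrying a password file as its optional last parameter.
HBA = """
local sameuser password
local all      password backup_users
"""

# Constructed contents of the hypothetical password file "backup_users".
PASSWORD_FILES = {"backup_users": {"backups", "pgsql"}}


def parse_hba(text):
    """Parse 'local DBNAME AUTHTYPE [FILE]' lines into dicts."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] != "local" or len(fields) not in (3, 4):
            raise ValueError("unsupported record: " + line)
        records.append({"db": fields[1], "auth": fields[2],
                        "file": fields[3] if len(fields) == 4 else None})
    return records


def decide(records, user, database):
    """Return (record_index, outcome) for one local connection attempt."""
    for i, rec in enumerate(records):
        db = rec["db"]
        if db == "all" or db == database or (db == "sameuser" and database == user):
            # A password file restricts the record to the users it lists.
            if rec["file"] is not None and user not in PASSWORD_FILES[rec["file"]]:
                return i, "reject"
            return i, "ask password"
    return None, "reject"


RECORDS = parse_hba(HBA)

if __name__ == "__main__":
    for user, db in [("alice", "alice"), ("alice", "bob"), ("backups", "bob")]:
        print(user, "->", db, decide(RECORDS, user, db))
```

With the two lines swapped, alice connecting to her own database would match the "all" record first and be rejected, so the sameuser line has to come first.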
