From: | "Jameson C(dot) Burt" <jameson(at)coost(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Cc: | jameson(at)coost(dot)com |
Subject: | Access by 1000 users to view postgres tables without recreating accounts? |
Date: | 2002-05-20 04:52:01 |
Message-ID: | 20020520045201.GA27050@coost.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Can one permit numerous users to view Postgresql tables (subject to per
table permissions, of course), yet not need to recreate password entries
for Postgresql's mostly duplication of /etc/passwd.
That is, given one already administers 1000 users,
can one keep the extra administration time for 1000 viewers
of Postgresql tables low?
It seems reasonable that any Postgresql table with access for everyone
should be readable by anyone without postgres acting as a gatekeeper
prohibiting most people even initial Postgresql access.
I do not feel it is reasonable that I should need to recreate password
information for 1000 users to satisfy Postgresql when the
/etc/passwd information of all 1000 users is already available
at the system level (even though this could be automated).
I am willing to spend effort giving permissions for people who will
create/alter Postgresql tables, but I do not feel I ought to spend
any effort accomodating system user files into Postgresql when people
will only view (read) Postgresql tables.
Yes, I could obliterate security, as I currently do, with
host all 0.0.0.0 0.0.0.0 trust
but this is the other unacceptable extreme.
I am left with two choices,
1. Go to enormous incessant work accomodating 1000 users.
2. Allow 1000 users to obliterate each others Postgresql tables.
Did I miss a commonly used trick to accomodate 1000 users viewing
Postgresql tables?
In most server/client arrangements as for sound or webpages,
the server's main purpose is to provide needed permissions;
but in the Postgresql daemon,
I see no lessening of needed user permissions!
The postgres daemon seems to increase access speed,
but does not seem to make user access easier
on either the administrator or the user.
Perhaps people use a second server for such situations; eg, an apache
server using a username acceptable to Postgresql (though one would hope
for some commandline access).
I have merely tried psql access.
For 2 years, I have read hundreds of pages on PostgreSQL,
including official html and postscript documents,
books like "PostgreSQL: Introduction and Concepts" and
"Practical PostgreSQL", and email archives.
While these documents have taught me much about using PostgreSQL,
I have not gone beyond treating PostgreSQL as more than a plaything
until I can get other users to view Postgresql tables
without exhorbitant time administering users.
Any suggestions?
Probably irrelevant conditions:
I run Debian Linux 3.0
I run Postgresql 7.2.1
--
Jameson C. Burt, NJ9L Fairfax, Virginia, USA
jameson(at)coost(dot)com http://www.coost.com
(202) 690-0380 (work)
From | Date | Subject | |
---|---|---|---|
Next Message | Jean-Michel POURE | 2002-05-20 07:31:31 | Re: [HACKERS] UTF-8 safe ascii() function |
Previous Message | Patrice Hédé | 2002-05-19 19:14:42 | Re: [HACKERS] UTF-8 safe ascii() function |