| From: | Martin Atukunda <matlads(at)myrealbox(dot)com> |
|---|---|
| To: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: db security; user identification |
| Date: | 2004-01-27 13:54:13 |
| Message-ID: | 200401271654.14039.matlads@myrealbox.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Tuesday 27 January 2004 16:21, Marcin Gil wrote:
> Martin Atukunda wrote:
> > - local all all trust
> > + local all postgres trust
> > + local all all md5
>
> Ok. but if user does:
> psql -d template1 -U postgres?
>
> then he won't be asked about password but should.
> Everyone who can access psql, can get into db as postgres user.
> Not safe I suppose.
Quite true. This is not a safe option, particularly if you don't trust local
users. I suppose in this case you could maintain the following in
pg_hba.conf:
- local all all trust
+ local all all md5
and then have init the postmaster by using su.
i.e.
235:respawn:/bin/su - postgres -c /usr/local/pgsql/bin/start.sh
with start.sh having:
#!/bin/sh
DATADIR=/usr/local/pgsql/data
OPTIONS="-i -N 256 -B 512"
LOGFILE=/usr/local/pgsql/server.log
postmaster -D $DATADIR $OPTIONS > $LOGFILE 2>&1
- Martin -
--
"If we don't succeed, we run the risk of failure."
--Bill Clinton, President
| From | Date | Subject | |
|---|---|---|---|
| Next Message | lnd | 2004-01-27 13:58:07 | Increase stored proc. parameters max count |
| Previous Message | Marcin Gil | 2004-01-27 13:21:27 | Re: db security; user identification |