Re: Problems with user-level security

From: Nick Sayer <nsayer(at)quack(dot)kfu(dot)com>
To: <sszabo(at)megazone23(dot)bigpanda(dot)com>
Cc: <nsayer(at)quack(dot)kfu(dot)com>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Problems with user-level security
Date: 2001-11-07 17:50:01
Message-ID: 3154.66.126.254.34.1005155401.squirrel@medusa.kfu.com
Lists: pgsql-admin

Stephan Szabo wrote:
> On Tue, 6 Nov 2001, Nick Sayer wrote:
[...]
>> What I *really* want is for an extra column to be added to pg_hba.conf
>> to specify the user of interest. Like this:
>>
>> all local sameuser password
>> backups local all password
>> pgsql local all password
>>
>> Does this make any sense? Is there some way to achieve this I am
>> missing? The only way I can do backups at the moment is introduce a
>> race condition so that anyone can connect to any database they like at
>> certain times of day. Not good.
>
> If you're using password, couldn't you do this by specifying the file
> to look up the passwords in (the optional last parameter) on the local
> all line and then only put the backups/pgsql password in it?

That solution works perfectly. I now have

local sameuser password
local all password pg_superusers

and have added the backup user to pg_superusers using pg_passwd. I am a
happy camper! Especially nice is that I can empty out the pg_shadow
password for the superusers.
