From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | David Gauthier <davegauthierpg(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
Date: | 2018-08-22 16:11:19 |
Message-ID: | 47d3c240-73ef-9b00-64d5-6c2cfb4d9b18@commandprompt.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 08/22/2018 08:56 AM, David Gauthier wrote:
> Hi:
>
> The title says it all. I need to be control who can gain access to a
> DB based on a linux user group. I can set up a generic role and
> password, but also want to prevent users who are not in a specific
> linux group from accessing the DB. For code that works with the DB,
> this is easy (just chmod the group on the code file(s)). But is there
> a way to add an additional gauntlet that checks membership in the
> linux group if, for example, they were trying to get in using psql at
> the linux prompt ?
>
> There are a couple hundred in the linux group and the list of names
> changes constantly. I suppose creating a DB role per user in the linux
> group may be possible if something like a cron was maintaining this
> (creating/dropping uid based roles as the group membership changes)
> then give everyone the same password. But does that prevent someone
> outside the linux group from just logging in with someone else's uid
> and the generic password?
> I'm hoping that this is a common need and that someone has a good
> solution.
>
> Thanks in Advance for any help!
You could probably write a pam module to do it but it seems to be your
are inverting the problem and should be looking at this from a Postgres
not Linux perspective. Perhaps consider using an SSO solution for both
Linux and Postgres.
JD
--
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc
*** A fault and talent of mine is to tell it exactly how it is. ***
PostgreSQL centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://postgresconf.org
***** Unless otherwise stated, opinions are my own. *****
From | Date | Subject | |
---|---|---|---|
Next Message | Ravi Krishna | 2018-08-22 16:38:10 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
Previous Message | David G. Johnston | 2018-08-22 16:08:12 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |