From: | Andreas Wenk <a(dot)wenk(at)netzmeister-st-pauli(dot)de> |
---|---|
To: | Steve Atkins <steve(at)blighty(dot)com> |
Cc: | pgsql-general List <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: [Re: Password?] |
Date: | 2009-07-08 17:50:10 |
Message-ID: | 4A54DC52.6030805@netzmeister-st-pauli.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Steve Atkins schrieb:
>
> On Jul 8, 2009, at 6:19 AM, Andreas Wenk wrote:
>
>> Jasen Betts schrieb:
>>> On 2009-07-08, Andreas Wenk <a(dot)wenk(at)netzmeister-st-pauli(dot)de> wrote:
>>>> Serge Fonville schrieb:
>>>>>> *argh* - more detailed to avoid confusion. The auth method
>>>>>> 'password' in
>>>>>> pg_hba.conf means, that you will be asked for a password for the
>>>>>> user you
>>>>>> try to create a db with. If no user is given (with createdb -U
>>>>>> [username]),
>>>>>> this user is postgres ...
>>>>> Wasn't it that it uses the currently logged on user is used if no user
>>>>> is specified?
>>>> correct - so this will be postgres because other users are not
>>>> allowed to use these
>>>> programs ...
>
> That's not true.
you are right!Sorry for that mistake.
>
>>>>
>>>> /var/lib/postgresql/8.4/bin$ ./createdb test -p 5433
>>>> createdb: could not connect to database postgres: FATAL: role
>>>> "duke" does not exist
>>>>
>>>> $ sudo su postgres
>>>> postgres(at)duke-linux:~/8.4/bin$ ./createdb test -p 5433
>>>> postgres(at)duke-linux:~/8.4/bin$
>>>>
>>>> auth method in pg_hba.conf is trust in this case.
>>> if it's "trust" any user can do
>>> ~postgres/8.4/bin/createdb -U postgres -p 5433 test
>>
>> nope! what you did is calling createdb as system user postgres (I
>> believe because of the ~ sign at the beginning) *and* giving the
>> option -U postgres. That works for sure and you even don't need -U
>> postgres since you are allready postgres. But leave -U postgres away
>> as a system user not equal to postgres ... see my example above.
>
> Nor is that.
Why not? I think it is but maybe I did not write it understandable
enough. See my example.
>
> Most of the postgresql client tools, including createdb, can be used by
> any operating system user to connect to the database as any database user.
>
> If they are called with "-U foo" then they will attempt to connect to
> the database as database user "foo".
>
> If they are not called with -U then they will usually attempt to connect
> to the database as the current operating system user (though that can be
> overridden with the PGUSER or PGSERVICE environment variables).
>
> So if I'm logged in as steve and I do "createdb test" then I will try
> and connect to the database as database user steve and create the test
> database. If I do "createdb -U postgres test" I will try to connect to
> the database as database user "postgres" and create the test database.
this is exactly my example. I am the system user duke but there is no
role duke in the db. The result is the error message. Using -U postgres
is successful.
But in the case shown by Swati she is allready the system user postgres.
So there's no need to put the option -U postgres. Correct? See my example.
>
> Whether I'm prompted for a password or not depends on the settings in
> pg_hba.conf. Typically the postgres operating system user is allowed to
> connect to the database as the postgres database user without a
> password. Other OS user / database user combinations may or may not need
> a password depending on whether pg_hba.conf is set up to ask for one or
> not - how that is set up as default varies, but it's fairly common to
> require a password.
exactly. Thanks a lot for explaining that way better.
>
> Cheers,
> Steve
>
>
Actually I think we both know how it works ;-)
Cheers
Andy
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-07-08 17:50:34 | Re: Checkpoint Tuning Question |
Previous Message | Massa, Harald Armin | 2009-07-08 17:39:16 | PostgreSQL and Poker |