From: | Bram Mertens <bram(dot)mertens(at)anubex(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Pg Docs <pgsql-docs(at)lists(dot)postgresql(dot)org> |
Subject: | RE: Please add best practice concerning user accounts |
Date: | 2020-10-21 07:46:34 |
Message-ID: | AM8PR08MB5716E9C2C5DE0D3097445AD6F41C0@AM8PR08MB5716.eurprd08.prod.outlook.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
Hi David,
Thanks for your quick reply.
I understand this is referring to the operating system user. But my understanding is that by default this user is *also* the superuser account of the database.
I’ve come across some quick-and-dirty setups where this operating system user was being used to manage the DB. And even worse used as the application user.
I’ve been unable to find any documentation that explains this is a bad idea.
Nor have I found any recommendation that in addition to this superuser account one or more accounts (roles) need to be created for management and use by clients/applications.
FYI the reason I was looking at this is that currently I’m struggling to set up an account and pg_hba configuration (https://www.postgresql.org/docs/11/auth-pg-hba-conf.html) that allows me to connect from a remote client.
Regards
Bram
From: David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
Sent: Tuesday, 20 October 2020 18:15
To: Bram Mertens <bram(dot)mertens(at)anubex(dot)com>; Pg Docs <pgsql-docs(at)lists(dot)postgresql(dot)org>
Subject: Re: Please add best practice concerning user accounts
On Tue, Oct 20, 2020 at 9:08 AM PG Doc comments form <noreply(at)postgresql(dot)org<mailto:noreply(at)postgresql(dot)org>> wrote:
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/11/postgres-user.html
Description:
The page describes the postgres user typically used as superuser for a
PostgreSQL cluster.
It would be useful to add information about best practices concerning the
use of this account (or better to avoid using this account) for DB
management and application connections.
I'm tending to agree that additional info along those lines is worthwhile to mention; but your comment seems to indicate that you are interpreting this user as being defined in the database when in fact it is the operating system user that is being described.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | PG Doc comments form | 2020-10-21 10:26:13 | Needs a link to docuementation about the server log location/configuration |
Previous Message | PG Doc comments form | 2020-10-21 01:41:37 | Word fix |