| From: | David Gauthier <davegauthierpg(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Can Pg somehow recognize/honor linux groups to control user access ? |
| Date: | 2018-08-22 15:56:14 |
| Message-ID: | CAMBRECCm98COXfFXcCzfh088TnX1EA7zozxzyDbErpXz_t9t2Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi:
The title says it all. I need to be control who can gain access to a DB
based on a linux user group. I can set up a generic role and password, but
also want to prevent users who are not in a specific linux group from
accessing the DB. For code that works with the DB, this is easy (just
chmod the group on the code file(s)). But is there a way to add an
additional gauntlet that checks membership in the linux group if, for
example, they were trying to get in using psql at the linux prompt ?
There are a couple hundred in the linux group and the list of names changes
constantly. I suppose creating a DB role per user in the linux group may be
possible if something like a cron was maintaining this (creating/dropping
uid based roles as the group membership changes) then give everyone the
same password. But does that prevent someone outside the linux group from
just logging in with someone else's uid and the generic password?
I'm hoping that this is a common need and that someone has a good solution.
Thanks in Advance for any help!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ravi Krishna | 2018-08-22 15:58:53 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
| Previous Message | Maksim Milyutin | 2018-08-22 14:43:30 | Re: "checkpointer process" is consuming more memory. How to control it? |