From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "Frank Lanitz *EXTERN*" <frank(at)frank(dot)uvena(dot)de>, <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Best practice non privilege postgres-user |
Date: | 2012-08-17 13:16:24 |
Message-ID: | D960CB61B694CF459DCFB4B0128514C2084EEEFA@exadv11.host.magwien.gv.at |
Lists: | pgsql-general |

Frank Lanitz wrote:
> I'm looking for some kind of best practice for a non-privilege postgres
> user. As not all operations can be done within psql you might need
> access to postgres- on command line from time to time. Currently this is
> done via root-privileges and >su - postgres< directly on database
> server - which might not be the best idea. Therefore our goal is to limit
> access to a little number of people on the first hand and don't
> necessarily give them root-privileges on the database server. We
> experimented a bit with sudo but had issues with some of the
> environmental variables. So my question is: do you have any best
> practice how to manage this? Is there any golden rule for this?

When you say "access to postgres on command line", I assume that you
mean "shell access as PostgreSQL OS user".

One easy way would be to set up ssh and either give the OS password
of "postgres" to the trusted people or configure ssh to accept only
certain certificates.

There are other ways to authenticate; I guess the best solution
will depend on your environment and your needs.

If you mean "access to PostgreSQL via psql as superuser", there
is no need for shell access to the database machine itself.
Again you can either hand out the password or set up some
more advanced authentication method.

Yours,
Laurenz Albe
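
The ssh option mentioned in the message above, sketched as an added example that is not part of the original message: the shared-password variant next to a key-only variant for the "postgres" OS user. It assumes OpenSSH 6.2 or later (for `AuthenticationMethods`) and plain public keys; the key file path is an assumption.

```conf
# /etc/ssh/sshd_config (fragment) -- constructed example, OpenSSH assumed

# Shared-password variant: everyone who knows the password is
# indistinguishable in the logs, and revoking one person means
# changing the password for all.
#   Match User postgres
#       PasswordAuthentication yes

# Key-only variant: one authorized_keys line per trusted admin,
# removed individually when that person's access ends.
Match User postgres
    PubkeyAuthentication yes
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    AuthenticationMethods publickey
    # Root-owned key file, so a session running as postgres cannot
    # add further keys on its own (path is an assumption).
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon.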