| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Nick Sayer <nsayer(at)quack(dot)kfu(dot)com> |
| Cc: | <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Problems with user-level security |
| Date: | 2001-11-08 00:26:02 |
| Message-ID: | Pine.LNX.4.30.0111072053310.835-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Nick Sayer writes:
> On the one hand, I need
>
> local sameuser password
>
> because I have untrusted users who should only have access to their own
> databases.
>
> On the other hand, I do a nightly pg_dumpall as part of the backups so that
> I don't have to dump the actual database working areas. For that to work, I
> need to say
>
> local all password
>
> so that my backup script will work.
If you are only concerned about local access then you should consider
using 'ident' authentication. In 7.1 this only works for TCP/IP
connections (so you have to go through 'localhost'), but in 7.2 it will
also work with local connections. Another possibility is to use 'local
sameuser trust' and set a filesystem permission on the socket. (See
unix_socket_* parameters in postgresql.conf.) In 7.2 we'll also have PAM,
so you'll be able to do whatever you want.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | franklin | 2001-11-08 01:15:06 | what function likes M$SQL sp_helptext command in psql ??? |
| Previous Message | Tom Lane | 2001-11-07 18:21:08 | Re: Problems with user-level security |