Re: [OT?] permissions

Clayton Cottingham aka drfrog writes:

> im trying to set up a 'one user one database scenario'

local sameuser ident sameuser

This allows a Unix user joe to connect only as database user joe and only
to database joe. The catch is that local ident doesn't exist until
release 7.2, but you can still use host ident.

> while still maintaining the postgres user account

local all ident specialmap

where the specialmap only maps postgres to postgres. (This presumes only
you have access to the Unix account postgres.) Another option is to use
'password specialfile', where the specialfile only contains an entry for
postgres. Then you'd need a password to get in as postgres, but you can
do so from any account.

Now let's look at your mistakes:

> local all trust postgres
> host all 127.0.0.1 255.255.255.255 trust postgres
>
> but then anyone can
> psql -U postgres
> and get in without password!

The word after "trust" doesn't mean anything. trust is trust.

> so i try
>
> #local ident not avail! right?
> host all 127.0.0.1 255.255.255.255 ident postgres
>
> and get this
> psql: No pg_hba.conf entry for host localhost, user postgres, database postgres
> even though it says 'all'

I don't know if it's the cause of the message, but 'ident postgres'
doesn't seem right. The word after ident is not a user name.

> one would think there should be an extra option on this of user to connect
>
> like
>
> local mydb password passwd myuser
> host mydb 127.0.0.1 255.255.255.255 password passwd
> myuser

There is: You only list the users you want to be able to get in in the
'passwd' file.

--
Peter Eisentraut peter_e(at)gmx(dot)net