
Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2

From: Larry Rosenman <ler(at)lerctr(dot)org>
To: pgsql-general <pgsql-general(at)postgresql(dot)org>
Cc: vogt(at)arborhost(dot)com
Subject: Re: newbie question: ERROR: getattproperties: no attribute tuple 1259 -2
Date: 2000-10-28 17:19:33
Message-ID: 20001028121933.A27315@lerami.lerctr.org
Lists: pgsql-general
* Robert Vogt IV <vogt(at)arborhost(dot)com> [001028 12:10]:
[SNIP]
>     By the way- does anybody know of any resources related to securing
> databases.  We'd like to only allow certain users access to each database,
> but cannot find the appropriate section in any of the documentation pages.
Look at pg_hba.conf in your data directory.  Here is mine from 7.0.2:
# cat pg_hba.conf
#
# Example PostgreSQL host access control file.
#
# 
# This file controls what hosts are allowed to connect to what databases
# and specifies some options on how users on a particular host are identified.
# It is read each time a host tries to make a connection to a database.
# 
# Each line (terminated by a newline character) is a record.  A record cannot
# be continued across two lines.
# 
# There are 3 kinds of records:
# 
#   1) comment:  Starts with #.
# 
#   2) empty:  Contains nothing excepting spaces and tabs.
# 
#   3) content: anything else.  
# 
# Unless specified otherwise, "record" from here on means a content
# record.
# 
# A record consists of tokens separated by spaces or tabs.  Spaces and
# tabs at the beginning and end of a record are ignored as are extra
# spaces and tabs between two tokens.
# 
# The first token in a record is the record type.  The interpretation of the
# rest of the record depends on the record type.
# 
# Record type "host"
# ------------------
# 
# This record identifies a set of network hosts that are permitted to connect
# to databases.  No network hosts are permitted to connect except as specified
# by a "host" record.  See the record type "local" to specify permitted
# connections using UNIX sockets.
#
# Format:
# 
#   host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [AUTH_ARGUMENT]
# 
# DBNAME is the name of a PostgreSQL database, "all" to indicate all 
# databases, or "sameuser" to restrict a user's access to a database
# with the same user name.
# 
# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
# mask to identify a set of hosts.  These hosts are allowed to connect to 
# Database DBNAME. 
# 
# USERAUTH is a keyword indicating the method used to authenticate the 
# user, i.e. to determine that the principal is authorized to connect
# under the PostgreSQL username he supplies in his connection parameters.
#
#   ident:  Authentication is done by the ident server on the remote
#           host, via the ident (RFC 1413) protocol.  AUTH_ARGUMENT, if
#           specified, is a map name to be found in the pg_ident.conf file.
#           That table maps from ident usernames to PostgreSQL usernames.  The
#           special map name "sameuser" indicates an implied map (not found
#           in pg_ident.conf) that maps every ident username to the identical
#           PostgreSQL username.
#
#   trust:  No authentication is done.  Trust that the user has the 
#           authority to use whatever username he specifies.  Before 
#           PostgreSQL version 6, all authentication was done this way.
#
#   reject: Reject the connection.
#
#   password:  Authentication is done by matching a password supplied in clear
#              by the host.  If AUTH_ARGUMENT is specified then the password
#              is compared with the user's entry in that file (in the $PGDATA
#              directory).  See pg_passwd(1).  If it is omitted then the
#              password is compared with the user's entry in the pg_shadow
#              table.
#
#   crypt:  Authentication is done by matching an encrypted password supplied
#           by the host with that held for the user in the pg_shadow table.
#
#   krb4:   Kerberos V4 authentication is used.
#
#   krb5:   Kerberos V5 authentication is used.

# Record type "hostssl"
# ---------------------
#
# This record identifies the authentication to use when connecting to a
# particular database via TCP/IP sockets over SSL. Note that normal
# "host" records are also matched - "hostssl" records can be used to
# require a SSL connection.
# This keyword is only available if the server is compiled with SSL support
# enabled.
#
# The format of this record is identical to that of "host".

# Record type "local"
# ------------------
# 
# This record identifies the authentication to use when connecting to a
# particular database via a local UNIX socket.
#
# Format:
# 
#   local DBNAME USERAUTH [AUTH_ARGUMENT]
#
# The format is the same as that of the "host" record type except that the
# IP_ADDRESS and ADDRESS_MASK are omitted and the "ident", "krb4" and "krb5"
# values of USERAUTH are not allowed.

# For backwards compatibility, PostgreSQL also accepts pre-version 6 records,
# which look like:
# 
#   all         127.0.0.1    0.0.0.0

# TYPE       DATABASE    IP_ADDRESS    MASK              USERAUTH  MAP
 
#host         all         127.0.0.1     255.255.255.255   trust     
 
# The above allows any user on the local system to connect to any database
# under any username.
 
#host         template1   192.168.0.0   255.255.255.0     ident     sameuser
 
# The above allows any user from any host with IP address 192.168.0.x to
# connect to database template1 as the same username that ident on that host
# identifies him as (typically his Unix username).  

#host         all        192.168.0.1   255.255.255.255   reject
#host         all        0.0.0.0       0.0.0.0           trust

# The above would allow anyone anywhere except from 192.168.0.1 to connect to
# any database under any username.

#host         all        192.168.0.0  255.255.255.0      ident     omicron
#
# The above would allow users from 192.168.0.x hosts to connect to any
# database, but if Ident says the user is "bryanh" and he requests to
# connect as PostgreSQL user "guest1", the connection is only allowed if
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is 
# allowed to connect as "guest1".

# By default, allow anything over UNIX domain sockets and localhost.

local        all                                         trust
host         all         127.0.0.1     255.255.255.255   trust
host         all         207.158.72.11 255.255.255.255   trust
host         all         207.158.72.45 255.255.255.255   trust
# 

> 
>     Thank you for your time and assistance.
> 
> 
>                             Sincerely,
> 
>                             Robert Vogt IV
>                             CEO
>                             ArborHost
-- 
Larry Rosenman                      http://www.lerctr.org/~ler
Phone: +1 972-414-9812 (voice) Internet: ler(at)lerctr(dot)org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
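
The record matching described in the pg_hba.conf comments above, as an added example that is not part of the original message: a small Python evaluator for the record format the file documents, comparing the posted "trust" records with "sameuser"/"crypt" records for the per-user database question. The TIGHTENED records, the function names, the database and user names, and first-match ordering (implied by the reject-before-trust example in the file) are assumptions of this example.

```python
import ipaddress

# Constructed samples: active records from the post, and a variant (assumed,
# not from the post) using only DBNAME/USERAUTH values the file documents.
POSTED = """\
local        all                                         trust
host         all         127.0.0.1     255.255.255.255   trust
host         all         207.158.72.11 255.255.255.255   trust
"""
TIGHTENED = """\
local        sameuser                                    crypt
host         sameuser    127.0.0.1     255.255.255.255   crypt
host         all         0.0.0.0       0.0.0.0           reject
"""

def parse(text):
    """Parse content records; comment and empty records are skipped."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "local" and len(tok) >= 3:
            records.append({"type": "local", "db": tok[1], "net": None, "auth": tok[2]})
        elif tok[0] in ("host", "hostssl") and len(tok) >= 5:
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            records.append({"type": tok[0], "db": tok[1], "net": net, "auth": tok[4]})
        else:
            raise ValueError(f"unrecognised record: {line!r}")
    return records

def decide(records, db, user, addr=None, ssl=False):
    """USERAUTH of the first matching record; addr=None means a UNIX socket."""
    for r in records:
        if (r["net"] is None) != (addr is None):
            continue  # local records match sockets only, host records TCP only
        if r["type"] == "hostssl" and not ssl:
            continue
        if addr is not None and ipaddress.ip_address(addr) not in r["net"]:
            continue
        if r["db"] in ("all", db) or (r["db"] == "sameuser" and db == user):
            return r["auth"]
    return "reject"  # no record matched, so the connection is not permitted

def unauthenticated(records):
    """Records that admit a connection with no credential check."""
    return [r for r in records if r["auth"] == "trust"]
```

With the posted records, any username is accepted for any database from the listed addresses; with the TIGHTENED records, a user reaches only the database that carries his own name, and only after a crypt password check.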
