Skip site navigation (1) Skip section navigation (2)

Re: Permissions

From: Heath Johns <public(at)elesi(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Permissions
Date: 2001-02-27 23:43:55
Message-ID: 20010227184355.D54925@elesi.org (view raw or flat)
Thread:
Lists: pgsql-novice
Thanks again for responding. :)

The solution that you posted would appear to be what I am looking for.
However IIRC, I think I tried that.  I logged into the unix account
'heath' and I did a psql -u and typed in 'postgres' at the user prompt.
It believed me and let right on in.  I kept on looking because I didn't
like the idea of anyone who had a unix account, regardless how trivial,
having what amounted to root access to the rmdbs.

Under the circumstances, I believe that would be the best option though.

Your help is much appreciated...


Heath Johns



On Tue, Feb 27, 2001 at 06:08:04PM -0500, Tom Lane wrote:
> Heath Johns <public(at)elesi(dot)org> writes:
> > First off, thank you for your reply.  I have an additional problem
> > however.  I have many stunnels (ssh like tcp tunnels) coming into this
> > box that communicate with pgsql, all of which I need to password
> > authenticate. They obviously only work on tcp sockets.  If I were to
> > ident them, it would surely come back with the owner of the stunnel.
> > Also, these tunnels map an external port to localhost, so I cannot do
> > host based authentication.
> 
> Okay, that is a little bit messy.
> 
> > I would be more than happy if the situation were reversed, with unix
> > users not requiring a password, and all tcp connections being password
> > authenticated (which would seem to me the more logical arangement).
> > Unfortunately, there appears to be no way to do this.
> 
> Um, the users coming in through stunnels must reach the postmaster via
> TCP, no?  Or are they first logging into local shells and then running
> psql locally?  If they do use TCP connections then it seems like
> 
> 	local	all trust
> 	host	all 127.0.0.1 255.255.255.255 password
> 
> will do what you just said.  The local users just have to be careful
> not to set PGHOST ...
> 
> 			regards, tom lane

In response to

pgsql-novice by date

Next:From: James McMurryDate: 2001-02-28 00:14:31
Subject: Joining on a column that might be null
Previous:From: Tom LaneDate: 2001-02-27 23:08:04
Subject: Re: Permissions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group