Can I get comments on this? It allows storage of a super-user password
in a file under /data that gets passed in psql. I don't like the fact
the password is stored unencrypted but that is needed to pipe into psql.
For 7.2 *BSD, Linux, it would be better to set up local/ident but for
other platforms I can see a use to it.
> The problem:
> If password authentication is set, then startup
> blocks waiting for a password to be given in stdin.
> FreeBSD 4.4
> postgresql runs under user/group pgsql
> data directory owned by pgsql
> Modified the pg_ctl script to redirect a one line
> password file to "$PGPATH/psql". The passwd file
> exists in the data directory.
> If the passwd file does not exist, an empty one will
> be created with perm 600.
> If someone has root or pgsql os user access, then
> they can alter the data directory at will anyways. Putting
> a plaintext passwd file in the data directory that
> regular users cannot access anyways does not represent
> any more of a security hazard than if someone had
> access to the master.passwd files.
> Workaround a bit more secure than allowing trust to
> all local users.
> --- pg_ctl.sh Sat Apr 21 04:23:58 2001
> +++ /usr/local/bin/pg_ctl Sat Sep 22 12:39:03
> @@ -56,8 +56,8 @@
> # Placed here during build
> # protect the log file
> umask 077
> @@ -226,6 +226,11 @@
> +if [ ! -e $PASSFILE ];then
> + touch $PASSFILE
> + chmod 600 $PASSFILE
> if [ $op = "status" ];then
> if [ -f $PIDFILE ];then
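Review bot: In the added `if [ ! -e $PASSFILE ]` block, `$PASSFILE` is unquoted in the test, in `touch` and in `chmod`, so a data directory path containing whitespace breaks all three; write "$PASSFILE" in each. The block also runs before the `$op` checks, so even `pg_ctl status` creates the file as a side effect; creating it only on the path that calls psql would be cleaner. With `umask 077` already set earlier in the script (context of the first hunk), `touch` creates the file with mode 600 on its own, so the `chmod` is redundant rather than protective. No closing `fi` is visible in the hunk as shown.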
> @@ -347,6 +352,10 @@
> # FIXME: This is horribly misconceived.
> # 1) If password authentication is set up, the
> connection will fail.
> +# Kinda fixed. If password is set up, and the
> +# does not exist, then it will fail. If password
> is setup
> +# and passwd file exists with the passwd, then
> it will succeed.
> +# If password auth is not set, this will still
> # 2) If a virtual host is set up, the connection may
> # 3) If network traffic filters are set up tight
> enough, the connection
> # may fail.
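Review bot: The comment added under item 1 never names the file it depends on ("and the ... does not exist"), and "Kinda fixed" does not tell a later reader what the behaviour is. Suggest stating it directly: with password authentication the check succeeds only when the passwd file holds the superuser password in plaintext, and it fails with the empty file the script creates by default. The last added line, "If password auth is not set, this will still", has no ending in the text as shown.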
> @@ -357,7 +366,7 @@
> # 6) If the dynamic loader is not set up correctly
> (for this user/at
> # this time), psql will fail (to find libpq).
> # 7) If psql is misconfigured, this may fail.
> - if "$PGPATH/psql" -l >/dev/null 2>&1
> + if "$PGPATH/psql" -l >/dev/null 2>&1 <
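Review bot: On the changed `psql -l` line, stdin is now redirected unconditionally, and the redirect target is cut off in the text as shown; it should be the same file the earlier hunk creates, written quoted. Because that hunk creates an empty file by default, under password authentication psql reads end-of-file and the check fails, and with output sent to `>/dev/null 2>&1` that failure cannot be told apart from the other causes listed in the FIXME. Testing for a non-empty, mode 600 file before the redirect and printing a specific message when it is missing would make the failure diagnosable.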
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
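
The procedure in the quoted message (create the password file with mode 600, then feed it to psql on stdin) can be written so that the file is checked before every use. This is an added example, not part of the posted patch or of pg_ctl; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the posted patch. Function names are hypothetical.

# Create the password file with its final mode in one step. umask 077 makes
# the file 0600 at creation; noclobber (set -C) makes the redirect fail
# instead of truncating a file that already exists.
create_passfile() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# Succeed only if $1 is a non-empty regular file (not a symlink), owned by
# the invoking user, with mode exactly rw------- (0600).
passfile_is_safe() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -s "$f" ]; then
        return 1
    fi
    # ls -ldn prints the mode string and numeric uid; keep 10 mode chars so a
    # trailing ACL/SELinux marker ("+", ".") does not affect the comparison.
    mode_uid=$(ls -ldn -- "$f" | awk '{ print substr($1, 1, 10) ":" $3 }')
    [ "$mode_uid" = "-rw-------:$(id -u)" ]
}

# Run a command with the password file on stdin, as the patch does for
# "psql -l", but only after the checks above pass.
with_passfile() {
    pf=$1; shift
    passfile_is_safe "$pf" || { echo "refusing to use $pf" >&2; return 1; }
    "$@" < "$pf"
}
```

In a pg_ctl-style script the call would look like `with_passfile "$PASSFILE" "$PGPATH/psql" -l`, which fails with a message when the file is empty, group- or world-readable, or a symlink.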