From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Richard Huxton <dev(at)archonet(dot)com>, "Thomas T(dot) Veldhouse" <veldy(at)veldy(dot)net>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Bug in createlang? |
Date: | 2001-11-27 21:01:55 |
Message-ID: | 200111272101.fARL1tl27726@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers pgsql-patches |
To address this issue, I have added the following paragraph to the
installation instructions:
However, while the directory contents are secure, the default
<filename>pg_hba.conf</filename> authentication of
<literal>trust</literal> allows any local user to become the
superuser and connect to the database. If you don't trust your local
users, we recommend you use the <command>initdb</command> option
<option>-W</option> or <option>--pwprompt</option> to assign a
password to the superuser and modify your
<filename>pg_hba.conf</filename> accordingly. (Another option:
Your operating system may support <literal>ident</literal> for
local connections.)
---------------------------------------------------------------------------
> > Richard Huxton <dev(at)archonet(dot)com> writes:
> > > "Thomas T. Veldhouse" wrote:
> > >> Why does it ask 4 times?
> >
> > > createlang is just a script - it basically runs "/path/to/psql $QUERY" -
> > > each query connects a separate time.
> >
> > Note that running a setup that requires password auth for the DBA will
> > also be a major pain in the rear when running pg_dumpall: one password
> > prompt per database, IIRC. We have other scripts that make more than
> > one database connection, too.
>
> This brings up an issue I am concerned about. Right now, when we
> install the database with initdb, we basically are wide-opened to any
> local user who wants to connect to the database as superuser. In fact,
> someone could easily install a function in template1 that bypasses
> database security so even after you put a password on the superuser and
> others, they could bypass security.
>
> Do people have a good solution for this problem? Should be be
> installing a password for the super-user at initdb time? I see initdb
> has this option:
>
> --pwprompt
>
> -W Makes initdb prompt for a password of the database
> superuser. If you don't plan on using password
> authentication, this is not important. Otherwise
> you won't be able to use password authentication
> until you have a password set up.
>
> Do people know they should be using this initdb option if they don't
> trust their local users? I see no mention of it in the INSTALL file.
>
> I see it does:
>
> # set up password
> if [ "$PwPrompt" ]; then
> $ECHO_N "Enter new superuser password: "$ECHO_C
> stty -echo > /dev/null 2>&1
> read FirstPw
> stty echo > /dev/null 2>&1
> echo
> $ECHO_N "Enter it again: "$ECHO_C
> stty -echo > /dev/null 2>&1
> read SecondPw
> stty echo > /dev/null 2>&1
> echo
> if [ "$FirstPw" != "$SecondPw" ]; then
> echo "Passwords didn't match." 1>&2
> exit_nicely
> fi
> echo "ALTER USER \"$POSTGRES_SUPERUSERNAME\" WITH PASSWORD '$FirstPw'" \
> | "$PGPATH"/postgres $PGSQL_OPT template1 > /dev/null || exit_nicely
> if [ ! -f $PGDATA/global/pg_pwd ]; then
> echo "The password file wasn't generated. Please report this problem." 1>&2
> exit_nicely
> fi
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://www.postgresql.org/search.mpl
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | John Gray | 2001-11-27 21:14:41 | Re: How to turn off TOAST on a table/column |
Previous Message | Tom Lane | 2001-11-27 20:52:27 | Re: [HACKERS] How to turn off TOAST on a table/column |
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2001-11-27 21:02:53 | Re: Announcement: I've joined Red Hat |
Previous Message | Tom Lane | 2001-11-27 20:52:27 | Re: [HACKERS] How to turn off TOAST on a table/column |
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Sabino Mullane | 2001-11-27 21:23:51 | Updated version of src/bin/psql/create_help.pl |
Previous Message | Igor Kovalenko | 2001-11-27 20:28:21 | Re: Support for QNX6, POSIX IPC and PTHREAD-style locking |