Re: A question about permissions

The following configuration line should allow anyone
to login as him/herself or guest.

host all 127.0.0.1 255.255.255.255 password

I don't think this would weaken your current level of
security, as a user name and password would still be
needed to login as someone else. You could even
assign passwords that are different from users' system
passwords.

Best of luck,

Andrew Gould

--- David Madore <david(dot)madore(at)ens(dot)fr> wrote:
> Hi.
>
> I have a question about setting up permissions on a
> PostgreSQL server:
> I can't figure out how to get pg_hba.conf set up to
> do what I want,
> and perhaps someone can help me with this.
>
> The problem is the following: I have a small number
> of users on my
> system with a specific PostgreSQL account. The
> latter is always named
> in the same way as the user, and the pg_hba.conf
> file states
>
> host all 127.0.0.1 255.255.255.255 ident sameuser
>
> Now I would like to make the databases readable by
> anyone. To this
> effect, I have created an extra PostgreSQL account,
> "guest". And I
> would like anyone to be able to access this "guest"
> account (without,
> of course, having to enter a password or anything
> like that). How can
> I achieve this? The only solution I can see is to
> use some specific
> identd mapping, and replace the line above by
>
> host all 127.0.0.1 255.255.255.255 ident sameorguest
>
> and write a (very long) pg_ident.conf that maps
> every username on the
> system to "guest" plus every specific account to
> itself. But this is
> quickly unmanageable as new accounts are being added
> to the system all
> the time.
>
> Surely there must be some better way to achieve such
> a simple task?
>
> Another (rather distantly related) question: is
> there some way to
> perform uid-based authentication on a UNIX-domain
> socket? It seems
> absurd to use a TCP socket on localhost and identd
> for this effect: it
> is slower, and identd is sometimes unreliable,
> whereas credentials can
> be sent on a Unix-domain socket through sendmsg()
> and related
> functions.
>
> Thanks for any help.
>
> PS: Please send copy of replies to me personally as
> I do not receive
> mail from the list. Thanks again.
>
> --
> David A. Madore
> (david(dot)madore(at)ens(dot)fr,
> http://www.eleves.ens.fr:8080/home/madore/ )
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/