Re: db security; user identification

From: Martin Atukunda <matlads(at)myrealbox(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: db security; user identification
Date: 2004-01-27 13:54:13
Message-ID: 200401271654.14039.matlads@myrealbox.com
Lists: pgsql-novice
On Tuesday 27 January 2004 16:21, Marcin Gil wrote:
> Martin Atukunda wrote:
> > - local all all trust
> > + local all postgres trust
> > + local all all md5
>
> OK, but what if the user does:
> psql -d template1 -U postgres?
>
> Then he won't be asked for a password, but he should be.
> Everyone who can access psql can get into the db as the postgres user.
> Not safe, I suppose.

Quite true. This is not a safe option, particularly if you don't trust local 
users. I suppose in this case you could maintain the following in 
pg_hba.conf:

- local all all trust
+ local all all md5
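
Review bot: the `+ local all all md5` line also matches the postgres superuser, so that role needs a password set before the new file takes effect; otherwise local superuser logins are refused. Worth stating that step next to the change.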

and then have init start the postmaster by using su.

i.e.

# /etc/inittab format is id:runlevels:action:process; "pg" is a placeholder id
pg:235:respawn:/bin/su - postgres -c /usr/local/pgsql/bin/start.sh


with start.sh having:

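#!/bin/sh
# Start the postmaster in the foreground so init can respawn it.
DATADIR=/usr/local/pgsql/data
# -i: accept TCP/IP connections; -N: max connections; -B: shared buffers
OPTIONS="-i -N 256 -B 512"
LOGFILE=/usr/local/pgsql/server.log
# $OPTIONS is left unquoted on purpose so it splits into separate arguments
postmaster -D "$DATADIR" $OPTIONS > "$LOGFILE" 2>&1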

- Martin -

-- 
"If we don't succeed, we run the risk of failure."
--Bill Clinton, President
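
An added example, not part of the original message or of PostgreSQL itself: a shell function that reads a pg_hba.conf on standard input, reports every record using the `trust` method discussed in this thread, and marks those that cover the `postgres` role. The function name `audit_hba_trust`, the output format and the sample input are assumptions of this example; quoted fields and include directives are not handled.

```sh
#!/bin/sh
# Added example: flag pg_hba.conf records that use the "trust" method.
# Reads the file on stdin. Output per finding:
#   <line>:<type>:<database>:<user>:<scope>
# scope is "superuser" when the record covers the postgres role (assumed
# to be the superuser name, as in the thread), otherwise "user".
# Returns 1 if any trust record was found, 0 otherwise.
audit_hba_trust() {
    awk '
        { sub(/#.*/, "") }              # strip comments
        NF < 4 { next }                 # blank or incomplete record
        {
            if ($1 == "local")      method = $4   # type db user method
            else if ($5 ~ /[.:]/)   method = $6   # address plus separate netmask
            else                    method = $5   # CIDR address
            if (method != "trust") next
            scope = "user"
            n = split($3, users, ",")
            for (i = 1; i <= n; i++)
                if (users[i] == "all" || users[i] == "postgres")
                    scope = "superuser"
            printf "%d:%s:%s:%s:%s\n", NR, $1, $2, $3, scope
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample: the first configuration proposed in the thread.
audit_hba_trust <<'EOF' || true
local all postgres trust
local all all md5
EOF
```

Run it against a live file with `audit_hba_trust < /path/to/pg_hba.conf`; an empty result and exit status 0 mean no `trust` records were found.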
