Skip site navigation (1) Skip section navigation (2)

Re: Where do pg_hba.conf include files live?

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Where do pg_hba.conf include files live?
Date: 2004-12-26 16:48:44
Message-ID: 200412261648.iBQGmiT16710@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Tom Lane wrote:
> The SGML docs state that include files referenced by "@foo" constructs
> in pg_hba.conf "must be in the same directory as pg_hba.conf".  The
> actual implementation, however, assumes they must be in DataDir.
> This is no longer the same thing after the introduction of the
> data_directory and hba_file GUC parameters.
> 
> It seems to me that in a context where you are storing pg_hba.conf in a
> separate configuration directory, putting the include files in that same
> directory is the behavior you'd want.  On the other hand, the contents
> of those files would often be data-cluster-specific (since they'd
> typically be lists of user or database names).  Maybe the code behavior
> is still sensible.
> 
> One thing that's probably *not* sensible either way is that the code
> forcibly prepends the directory name even if it's fed "@/abs/path".
> I think if an absolute path is given it should be honored.  That would
> give an "out" for DBAs who want whichever behavior we don't provide.
> 
> The changes to fix the code, if we decide the code is wrong rather than
> the docs, do not look very large; so I don't think we need to decide
> this on the basis of it being too late to change for 8.0.

Good point.  I agree @ should be relative to pg_hba.conf directory and
not datadir, and that absolute paths should work.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-hackers by date

Next:From: lsunleyDate: 2004-12-26 19:57:08
Subject: More on Order by
Previous:From: Jaime CasanovaDate: 2004-12-26 16:12:48
Subject: Re: Updateable views

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group