Re: restricting non superuser from accessing other

On Tue, 2004-09-07 at 15:38, Tom Lane wrote:
> Oliver Elphick <olly(at)lfix(dot)co(dot)uk> writes:
> > On Tue, 2004-09-07 at 14:35, David Garamond wrote:
> >> Thanks! So I must modify and kill -HUP postmaster everytime a new db is
> >> added. Is there something like this in pg_hba.conf?
> >>
> >> local owndb all md5
>
> > No. You would have to have:
> > local his_db that_user md5
> > for each user/database combination.
>
> CVS-tip documentation alleges that "sameuser" does what David wants,
> at least as long as he names databases the same as their owners.
>
> I'm too lazy to look to see if it's in any released versions .

I had overlooked that. It is in 7.4, at least:

database

Specifies which databases this record matches. The value all
specifies that it matches all databases. The value sameuser
specifies that the record matches if the requested database has
the same name as the requested user. The value samegroup
specifies that the requested user must a member of the group
with the same name as the requested database. Otherwise, this is
the name of a specific PostgreSQL database. Multiple database
names can be supplied by separating them with commas. A file
containing database names can be specified by preceding the file
name with @. The file must be in the same directory as
pg_hba.conf.

--
Oliver Elphick olly(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
========================================
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13