Access by 1000 users to view postgres tables without recreating accounts?

From: "Jameson C(dot) Burt" <jameson(at)coost(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Cc: jameson(at)coost(dot)com
Subject: Access by 1000 users to view postgres tables without recreating accounts?
Date: 2002-05-20 04:52:01
Message-ID: 20020520045201.GA27050@coost.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Can one permit numerous users to view Postgresql tables (subject to per
table permissions, of course), yet not need to recreate password entries
for Postgresql's mostly duplication of /etc/passwd.
That is, given one already administers 1000 users,
can one keep the extra administration time for 1000 viewers
of Postgresql tables low?

It seems reasonable that any Postgresql table with access for everyone
should be readable by anyone without postgres acting as a gatekeeper
prohibiting most people even initial Postgresql access.
I do not feel it is reasonable that I should need to recreate password
information for 1000 users to satisfy Postgresql when the
/etc/passwd information of all 1000 users is already available
at the system level (even though this could be automated).

I am willing to spend effort giving permissions for people who will
create/alter Postgresql tables, but I do not feel I ought to spend
any effort accomodating system user files into Postgresql when people
will only view (read) Postgresql tables.
Yes, I could obliterate security, as I currently do, with
host all 0.0.0.0 0.0.0.0 trust
but this is the other unacceptable extreme.
I am left with two choices,
1. Go to enormous incessant work accomodating 1000 users.
2. Allow 1000 users to obliterate each others Postgresql tables.

Did I miss a commonly used trick to accomodate 1000 users viewing
Postgresql tables?
In most server/client arrangements as for sound or webpages,
the server's main purpose is to provide needed permissions;
but in the Postgresql daemon,
I see no lessening of needed user permissions!
The postgres daemon seems to increase access speed,
but does not seem to make user access easier
on either the administrator or the user.
Perhaps people use a second server for such situations; eg, an apache
server using a username acceptable to Postgresql (though one would hope
for some commandline access).
I have merely tried psql access.

For 2 years, I have read hundreds of pages on PostgreSQL,
including official html and postscript documents,
books like "PostgreSQL: Introduction and Concepts" and
"Practical PostgreSQL", and email archives.
While these documents have taught me much about using PostgreSQL,
I have not gone beyond treating PostgreSQL as more than a plaything
until I can get other users to view Postgresql tables
without exhorbitant time administering users.

Any suggestions?

Probably irrelevant conditions:
I run Debian Linux 3.0
I run Postgresql 7.2.1
--
Jameson C. Burt, NJ9L Fairfax, Virginia, USA
jameson(at)coost(dot)com http://www.coost.com
(202) 690-0380 (work)

Browse pgsql-admin by date

  From Date Subject
Next Message Jean-Michel POURE 2002-05-20 07:31:31 Re: [HACKERS] UTF-8 safe ascii() function
Previous Message Patrice Hédé 2002-05-19 19:14:42 Re: [HACKERS] UTF-8 safe ascii() function