Re: Help with privilege or pg_hba.conf

--- "Arcadius A." <ahouans(at)sh(dot)cvut(dot)cz> wrote:
> Hello!
> I have a Unix box running PostgreSQL 7.3.3.
>
> So far, I have been the only one user of the DB
> server...and I didn't have
> any problem using it with the JDBC driver.
>
> Now, a friend of mine wants to use the DB too for
> doing web stuffs(PHP,
> JSP).... so I need to create a new user on
> PostgreSQL. this has been done
> easily.
> Now, I don't want the new user (his username is
> "cool",and he has a
> password ) to access other DBs on my server... I
> want him to access ONLY a
> database named "cool" that he owns
> (as user "cool", I have created the DB "cool"... and
> I want user "cool" to
> access ONLY DB "cool" and do any operation on it).
>
> How can this be done?
>
> I've been trying to modify "pg_hba.conf" but with no
> luck .... as user
> "cool", after I connect to the DB server via psql
> and I do "\c anotherdb",
> user "cool" can still connect to "anotherdb".
> my "pg_hba.conf" can be found at
> http://ahouans.sh.cvut.cz/pg_hba.txt
>
> Thanks in advance.
>
> Have a nice weekend!
>
> Arcadius Ahouansou.

Would this work?

1. Move all of the lines where user = 'all' to the
bottom.

2. Below lines where database = 'cool', but above
user='all' lines, explicitly reject cool's access to
all databases:

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
# put database = 'cool' lines here
host all cool 127.0.0.1 255.255.255.255 reject
host all cool x.x.x.x 255.255.255.224 reject
host all cool 192.168.0.0 255.255.255.0 reject
# put user = 'all' lines here

Best of luck,

Andrew Gould