From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | R D <mrk279(at)yahoo(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: few security questions |
Date: | 2000-05-30 16:09:45 |
Message-ID: | Pine.LNX.4.21.0005292022500.359-100000@localhost.localdomain |
Lists: | pgsql-admin |
R D writes:
> 1. How can I forbid some users to create tables
> in some databases which they can access.
You can't. Working on that ...
> 2. How can I GRANT/REJECT some privileges on all
> objects in a database TO/FROM some users, since I
> can't type "GRANT ALL ON * TO SOMEUSER;" in PgSQL. Is
> there any functional analog?
You can't internally. You can read the list of all tables from the
pg_class system catalog and have your application issue the command GRANT
x ON table1, table2, table3, ... TO y.
> 3. How can I reject some users' connections to
> some databases from any host using password
> authentication?
You can create a separate password file for the databases and only list
the users you want in that password file. The syntax for this is
`... password filename' in pg_hba.conf. See also the pg_passwd command for
making password files.
> 4. Why does this pg_hba.conf not allow users from
> 192.168.200.X to connect to the databases with message
> telling that there was no entry for 192.168.200.x in
> pg_hba.conf?
> # pg_hba.conf
>
> local all trust
> host all 0.0.0.0 0.0.0.0 reject
> host all 192.168.200.0 255.255.255.0 password
Because a mask of 0.0.0.0 matches every host, so the reject kicks in. The
logic here is that
({host entry} XOR {actual host}) AND {mask entry}
must be 0 for a record to match.
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
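
The matching rule from the reply, applied to the file in question 4, as an added example that is not part of the original message and is not PostgreSQL's own code. It assumes the five-field `host` record format shown in the question and that records are checked top to bottom with the first match deciding; the function names, client addresses and the database name `mydb` are made up for illustration.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_hba(text):
    """Parse 'host DB ADDR MASK METHOD' lines; comments and 'local' lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 5 and fields[0] == "host":
            _, db, addr, mask, method = fields
            records.append((db, to_int(addr), to_int(mask), method))
    return records

def first_match(records, client, database):
    """Return the method of the first matching record, or None if no record matches."""
    ip = to_int(client)
    for db, addr, mask, method in records:
        # ({host entry} XOR {actual host}) AND {mask entry} must be 0
        if db in ("all", database) and (addr ^ ip) & mask == 0:
            return method
    return None

# Constructed input: the file from the question, then the same records reordered
# so the specific subnet is tested before the catch-all reject.
ORIGINAL = """
local all trust
host all 0.0.0.0 0.0.0.0 reject
host all 192.168.200.0 255.255.255.0 password
"""
REORDERED = """
local all trust
host all 192.168.200.0 255.255.255.0 password
host all 0.0.0.0 0.0.0.0 reject
"""

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("reordered", REORDERED)):
        recs = parse_hba(conf)
        for client in ("192.168.200.17", "10.1.2.3"):
            print(name, client, "->", first_match(recs, client, "mydb"))
```

With the original order every TCP client hits the `reject` record first; with the subnet record placed above it, 192.168.200.x clients reach `password` and everything else is still rejected.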