Re: PostgreSQL DBI DBD::Pg Access Problem

From: postgresql(at)finner(dot)de
To: Samizdatt <Samizdatt(at)earthlink(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: PostgreSQL DBI DBD::Pg Access Problem
Date: 2001-12-24 07:44:16
Message-ID: XFMail.011224084416.postgresql@finner.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


On 24-Dec-01 Samizdatt sat down, thought for a long time and then wrote:
>
> I created 2 users in addition to postgres with the createuser
> command. These users have actual corresponding accounts on the
> system.
>
> (1)postgres - can create users and databases
> (2)root - can create databases
> (3)wwwrun - is just the web server account that can neither create
> databases nor users

Did you grant some rights for using the databases created by anybody
else (root, postgres) to the user "wwwrun"? It is not enough just to
have that user, the owner of the database (usually the creator) or any
database masteruser must grant specific rights to any other user who
should work with the database. Especially wwwrun, who may not create
his own database, must be given at least some rights, "SELECT" for
example.

>
> I modified the pg_hba.conf to temporarily allow connections from all
> users on the box by adding the following lines to the file:
>
> local all trust
> host all 127.0.0.1 255.255.255.255 trust
> host all 10.10.10.50 255.255.255.255 trust
>

This means that all postgres users (postgres, root, wwwrun) on that
host may connect to the database engine without further examination, but
not, that they can do anything else, using a database for example. ;-)

> I can connect to any of the PostgreSQL databases through any of the 3
> user accounts using psql, but I can only connect to the databases
> with my web server cgi & command line Perl DBI/DBD::Pg applications
> by including "postgres" as the user in my DBI database handles. I'd
> like to be able to connect to the databases using the wwwrun user
> account that is restricted from creating both users and databases in
> my DBI based applications and cgi scripts.
>
> Since the pg_hba.conf is set to allow any user with an account in the
> PostgreSQL database to connect from my box, and I can connect to any
> of the databases through any of the 3 accounts using psql, shouldn't
> my DBI based cgi & command line Perl applications be able to connect
> to the same databases using any of the 3 postgres user accounts I
> created using createuser?

No, the user just may connect to the engine, but without granted rights
they may do nothing, at least wwwrun.

> Now, only including "postgres" as the user
> in my DBI/DBD::Pg database handles allows my cgi & command line
> programs to access my PostgreSQL data
> bases.
> *****************************************************
>
> Thank you for any assistance.
>

Hope it helps.

Greetings,
--
Frank Finner

And now there is no turning back at all.
(M. Moorcock, "Elric Of Melnibone")"

In response to

Browse pgsql-general by date

  From Date Subject
Next Message tony 2001-12-24 08:32:23 Database recovery
Previous Message Tom Lane 2001-12-24 03:13:39 Re: PostgreSQL DBI DBD::Pg Access Problem