Re: pg_hba.conf file

Поиск
Список
Период
Сортировка
От Jodi Kanter
Тема Re: pg_hba.conf file
Дата
Msg-id 00a401c25371$4d654ed0$de138f80@virginia.edu
обсуждение исходный текст
Ответ на pg_hba.conf file  (Jodi Kanter <jkanter@virginia.edu>)
Список pgsql-admin
I thought of that. The only problem is that the users in that file
(pgpasswords_template1) can drop either database.
If I control who has that ability I shouldn't have to worry too much, but I
was hoping to restrict people to only the database they are allowed to
modify.

----- Original Message -----
From: "Oktay Altunergil" <postgres@altunergil.com>
To: "Jodi Kanter" <jkanter@virginia.edu>
Sent: Tuesday, September 03, 2002 1:33 PM
Subject: Re: [ADMIN] pg_hba.conf file


> You will probably need to create a pgpasswords_template1 file in addition
to those two you already have and add people to it manually.
>
> Oktay
>
> On Tue, 03 Sep 2002 12:43:03 -0400
> Jodi Kanter <jkanter@virginia.edu> wrote:
>
> > My current pg_hba.conf file looks like this:
> >
> > local         genex                         password  pgpasswords_genex
> > host          genex       127.0.0.1   255.255.255.255  password
pgpasswords_genex
> >
> >
> > local        herr_lab                         password
pgpasswords_herr_lab
> > host         herr_lab      127.0.0.1     255.255.255.255  password
pgpasswords_herr_lab
> >
> > "genex" and "herr_lab" are two separate databases which are used by two
different departments. I set my pg_hba.conf file up this way to ensure that
only the logins within the "pgpasswords_genex" file could access the genex
database. And similarly for the herr_lab database - I only wanted user IDs
within the pgpasswords_herr_lab file to access the herr_lab database.
> >
> > The problem here is that template1 is not mentioned and therefore
commands like dropdb and createdb are not functioning. I tried adding the
following lines:
> >
> > local         template1                     password  pgpasswords_genex
> > local         template1                     password
pgpasswords_herr_lab
> >
> > The problem here is that the system seems to ignore the second line. The
logins within the "pgpasswords_genex" file can now create and drop databases
but the users in "pgpasswords_herr_lab" cannot.
> >
> > I would like to set it up such that only the genex users (with db
creation permissions) can add or drop the genex database and only the
herr_lab users (with db create permissions) can add or drop the herr_lab
database.
> >
> > Is this possible? Can I get the system to recognize both pgpasswords
files when referencing template1? Is there a better way to accomplish my
goal?
> > I recall a message posted somewhat recently regarding the pg_passwd
utility. Is there some security flaw that I need to be aware of?
> > Thanks for your help.
> > Jodi
> >
> >
> > _______________________________
> > Jodi L Kanter
> > BioInformatics Database Administrator
> > University of Virginia
> > (434) 924-2846
> > jkanter@virginia.edu
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>


В списке pgsql-admin по дате отправления:

Предыдущее
От: Jodi Kanter
Дата:
Сообщение: pg_hba.conf file
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: Problem building JDBC with PG7.2.2