Re: pg_hba.conf file
От | Jodi Kanter |
---|---|
Тема | Re: pg_hba.conf file |
Дата | |
Msg-id | 00a401c25371$4d654ed0$de138f80@virginia.edu обсуждение исходный текст |
Ответ на | pg_hba.conf file (Jodi Kanter <jkanter@virginia.edu>) |
Список | pgsql-admin |
I thought of that. The only problem is that the users in that file (pgpasswords_template1) can drop either database. If I control who has that ability I shouldn't have to worry too much, but I was hoping to restrict people to only the database they are allowed to modify. ----- Original Message ----- From: "Oktay Altunergil" <postgres@altunergil.com> To: "Jodi Kanter" <jkanter@virginia.edu> Sent: Tuesday, September 03, 2002 1:33 PM Subject: Re: [ADMIN] pg_hba.conf file > You will probably need to create a pgpasswords_template1 file in addition to those two you already have and add people to it manually. > > Oktay > > On Tue, 03 Sep 2002 12:43:03 -0400 > Jodi Kanter <jkanter@virginia.edu> wrote: > > > My current pg_hba.conf file looks like this: > > > > local genex password pgpasswords_genex > > host genex 127.0.0.1 255.255.255.255 password pgpasswords_genex > > > > > > local herr_lab password pgpasswords_herr_lab > > host herr_lab 127.0.0.1 255.255.255.255 password pgpasswords_herr_lab > > > > "genex" and "herr_lab" are two separate databases which are used by two different departments. I set my pg_hba.conf file up this way to ensure that only the logins within the "pgpasswords_genex" file could access the genex database. And similarly for the herr_lab database - I only wanted user IDs within the pgpasswords_herr_lab file to access the herr_lab database. > > > > The problem here is that template1 is not mentioned and therefore commands like dropdb and createdb are not functioning. I tried adding the following lines: > > > > local template1 password pgpasswords_genex > > local template1 password pgpasswords_herr_lab > > > > The problem here is that the system seems to ignore the second line. The logins within the "pgpasswords_genex" file can now create and drop databases but the users in "pgpasswords_herr_lab" cannot. > > > > I would like to set it up such that only the genex users (with db creation permissions) can add or drop the genex database and only the herr_lab users (with db create permissions) can add or drop the herr_lab database. > > > > Is this possible? Can I get the system to recognize both pgpasswords files when referencing template1? Is there a better way to accomplish my goal? > > I recall a message posted somewhat recently regarding the pg_passwd utility. Is there some security flaw that I need to be aware of? > > Thanks for your help. > > Jodi > > > > > > _______________________________ > > Jodi L Kanter > > BioInformatics Database Administrator > > University of Virginia > > (434) 924-2846 > > jkanter@virginia.edu > > > > > > > > > > > > > > > > > > > > >
В списке pgsql-admin по дате отправления: