On Sat, Jul 19, 2003 at 11:31:29PM +0200, Arcadius A. wrote:
> Hello!
> I have a Unix box running PostgreSQL 7.3.3.
>
> So far, I have been the only one user of the DB server...and I didn't have
> any problem using it with the JDBC driver.
>
> Now, a friend of mine wants to use the DB too for doing web stuffs(PHP,
> JSP).... so I need to create a new user on PostgreSQL. this has been done
> easily.
> Now, I don't want the new user (his username is "cool",and he has a
> password ) to access other DBs on my server... I want him to access ONLY a
> database named "cool" that he owns
> (as user "cool", I have created the DB "cool"... and I want user "cool" to
> access ONLY DB "cool" and do any operation on it).
>
> How can this be done?
Don't forget that when Postgres is going through pg_hba.conf to
authenticate a connection, it uses the first line that matches *all*
the connection parameters - type, user, db, ip address (for remote
connections). So in your case, access by user "cool" to databases
other than "cool" is matched by the line "local all all trust",
which permits access. You need to specifically disallow connections
by user "cool" to other databases, by putting a line like
"local all cool reject" before the "local all all trust" line,
and similarly for remote connections.
Richard