On Tuesday 27 January 2004 16:21, Marcin Gil wrote:
> Martin Atukunda wrote:
> > - local all all trust
> > + local all postgres trust
> > + local all all md5
>
> Ok. but if user does:
> psql -d template1 -U postgres?
>
> then he won't be asked about password but should.
> Everyone who can access psql, can get into db as postgres user.
> Not safe I suppose.
Quite true. This is not a safe option, particularly if you don't trust local
users. I suppose in this case you could maintain the following in
pg_hba.conf:
- local all all trust
+ local all all md5
and then have init the postmaster by using su.
i.e.
235:respawn:/bin/su - postgres -c /usr/local/pgsql/bin/start.sh
with start.sh having:
#!/bin/sh
DATADIR=/usr/local/pgsql/data
OPTIONS="-i -N 256 -B 512"
LOGFILE=/usr/local/pgsql/server.log
postmaster -D $DATADIR $OPTIONS > $LOGFILE 2>&1
- Martin -
--
"If we don't succeed, we run the risk of failure."
--Bill Clinton, President