Permissions problem
От | robert_hiltibidal_at_cms08405@ccmailgw.state.il.us |
---|---|
Тема | Permissions problem |
Дата | |
Msg-id | 9906259303.AA930325869@ccmailgw.state.il.us обсуждение исходный текст |
Список | pgsql-interfaces |
Morning, I have an interesting problem... I'm running postgres 6.4.2 on a linux 2.2.6 system. 64mg ram, 130mgswap. I have a distributed network system here. I have some people who are not local that need the root passwordto the system. Access97 is favored here so I thought I'd create a table with the password and limit the accessto only to those people. The idea is these and only these people can see what the root password is without havingto page me. I installed the postgres odbc driver on 1 nt machine and the rest are win95 machines. Thedriver was installed to prompt for the username and password. I did take out the read only flags. There are other tables these people have access to and need to be able to edit. The main Access97 database is stored on anovell system a couple of floors away. That database is called WebAdmin. I linked the root table between the linuxserver and the WebAmin.mdb file stored on the Novell drive. I did not link the tables as root. I linked them asuser1. Each of the people involved can see the tables. So far so good. The problem is I created the table asroot on the linux server. I limited the perms to SELECT for the people involved. Yet, we found out the people cando INSERT,UPDATE, and DELETE queries. I had thought since I was logged on as user1 and then su'd to root thatthe server attached my real user id and the root uid, to the table. This does not seem to be the case. My www usercannot access tables not assigned to it. I created the WebAdmin.mdb file from my NT box using my user1 nameand password. Access97 tends to keep things stored in the system tables that allows a networked office to sharethe same information. As long as the DSN is the same for all the computers Access97 will let all the users seethe same stuff. I thought perhaps Access97 was trapping my user1 name and password in the system tables but I didnot find them. The DSN connection does not show my username and password. Another factor is I can log on tothe linux system as anyone of the users and *still* change the data in the user table. This argues for the hbanot being set up right. But the server will not accept IDENT in the auth portion. When they are on the linux serverI want the postgres server to use the users actual uid assigned in the passwd file. If these peoplecan alter the root table unimpeded then there's a good possibility some novell admin can do the same. In short,I'm being justifiably paranoid. Attached is the root.sql file used to create the table and the restrictions I set on it. When I created this table I was su'd to root. I was not the postgres user. Is it possible Ididn't set up the perms right? I've also included a portion of the hba table. Any ideas? -Rob -- Y2KProject Postgres SQL Server Data Dictionary -- Created by Robert Hiltibidal -- 25-JUN-99 DROP TABLE root; CREATE TABLE root ( password varchar (10), recnum varchar (5) ); GRANT SELECTon root to user1; GRANT SELECT on root to user2; GRANT SELECT on root to user3; GRANT SELECT on root to user4; GRANT SELECT on root to user5; GRANT SELECT on root to user6; REVOKE INSERT,UPDATE,DELETE on root from user2; REVOKE INSERT,UPDATE,DELETE on root from user3; REVOKE INSERT,UPDATE,DELETE on root from user4; REVOKE INSERT,UPDATE,DELETEon root from user5; REVOKE INSERT,UPDATE,DELETE on root from user6; REVOKE INSERT,UPDATE,DELETEon root from user1; ##############HBA Table local all trust host all 0.0.0.0 0.0.0.0 password y2k
В списке pgsql-interfaces по дате отправления:
Следующее
От: Byron NikolaidisДата:
Сообщение: Re: [INTERFACES] ODBC 6.4 + PostgreSQL 6.5 = Can't browse tables