> On Wed, 26 Apr 2000, Jim Mercer wrote:
>
> > - queries via localhost (unix domain sockets) should assume that the pg_user
> > is the same as the unix user running the process.
>
> There's no way for the server to determine the system user name of the
> other end of a domain socket; at least no one has implemented one yet. So
> essentially this isn't going to work.

The default of "local all trust" is something I always
considered insecure. At least because the unix domain socket
isn't changed to mode 0700 after creation, so that only users
in the unix dba (or whatever) group are trusted.

If we add a permissions field to the local entry, the
postmaster can chmod() the socket file after creating it (and
maybe drain out waiting connections that slipped in between
after a second before accepting the first real one). The
default hba would then read:

    local all trust 0770
    host all 127.0.0.1 255.255.255.255 ident sameuser

There's IMHO no reason why the postmaster shouldn't try to
create an inet socket bound to 127.0.0.1:pgport by default
too. And it must not be considered an error (while some
notice would be nice) if the creation of that socket fails.

Also we change libpq so that if it gets an EPERM at connect(2)
to the unix domain socket, it tries again via inet. Some
microseconds overhead but transparent for non-dba local
users.

Now someone can add users he really trusts to the dba group
in /etc/group. Or he can open the entire DB system to all
local users by changing the permissions to 0777.

Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#========================================= wieck@debis.com (Jan Wieck) #