On Mon, 2001-12-17 at 01:42, Jameson Burt wrote:
> I seek a simplistic access,
>
> 1. superuser "postgres" gets access when his system-name is "postgres",
> but not otherwise [some security sought].
> This can be done in pg_hba.conf with either
> local all peer sameuser
> local all trust #but anyone then gets "postges" access.
>
> 2. One other user, say "puser", gets access whatever his system-name.
> The above
> local all peer sameuser
> disallows an arbitrary username entering as "psql template1 -U puser".
> One can use
> host all 127.0.0.1 255.0.0.0 ident jimsmap
> then have pg_ident.conf with 1000 user entries like
> jimsmap jameson puser
> However, I seek a simpler method for numerous users,
> each of whom will be granted access as user "puser".
> ANY IDEAS?
Have each user log in from the same UNIX account.
Instead of trying to make all users into one user, which is almost never
a good idea, why not just use the PUBLIC concept in the database's
access control system? Give each user their own userid, and GRANT
necessary access to PUBLIC.
--
Andrew G. Hammond mailto:drew@xyzzy.dhs.org
http://xyzzy.dhs.org/~drew/
56 2A 54 EF 19 C0 3B 43 72 69 5B E3 69 5B A1 1F
613-389-5481
5CD3 62B0 254B DEB1 86E0 8959 093E F70A B457 84B1
"To blow recursion you must first blow recur" -- me