Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
| От | Glyn Astill |
|---|---|
| Тема | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? |
| Дата | |
| Msg-id | 1311798149.1639.YahooMailNeo@web26004.mail.ukl.yahoo.com обсуждение исходный текст |
| Ответ на | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>) |
| Ответы |
Re: Adding line to pg_hba.conf for a specific group
makes superuser authentication fail in 9.0?
|
| Список | pgsql-admin |
> From: Kevin Grittner <Kevin.Grittner@wicourts.gov> >Glyn Astill <glynastill@yahoo.co.uk> wrote: > >> How can I specifically catch superusers? > > Create a group (nobody?) that you don't grant to any users. Only > superusers will be a member of it. > Ah of course, simple, thanks Kevin. I can't help but feel that there should be something in the docs for 9.0 to specify this, since it is a behaviour differencefrom 8.4 and earlier. The docs (http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html) do say: "Recall that there is no real distinction between users and groups in PostgreSQL; a + mark really means "match anyof the roles that are directly or indirectly members of this role", while a name without a + mark matches onlythat specific role" Maybe the docs should be embellished to also say "since a superuser is automatically considered a member of any group, itshould be taken into account that names with a + mark will affect all superusers (although this was not the case priorto 9.0)" or something along those lines. Glyn
В списке pgsql-admin по дате отправления: