Re: A question about permissions
| От | Andrew Gould |
|---|---|
| Тема | Re: A question about permissions |
| Дата | |
| Msg-id | 20020122203404.87924.qmail@web13401.mail.yahoo.com обсуждение исходный текст |
| Ответ на | A question about permissions (David Madore <david.madore@ens.fr>) |
| Список | pgsql-general |
The following configuration line should allow anyone to login as him/herself or guest. host all 127.0.0.1 255.255.255.255 password I don't think this would weaken your current level of security, as a user name and password would still be needed to login as someone else. You could even assign passwords that are different from users' system passwords. Best of luck, Andrew Gould --- David Madore <david.madore@ens.fr> wrote: > Hi. > > I have a question about setting up permissions on a > PostgreSQL server: > I can't figure out how to get pg_hba.conf set up to > do what I want, > and perhaps someone can help me with this. > > The problem is the following: I have a small number > of users on my > system with a specific PostgreSQL account. The > latter is always named > in the same way as the user, and the pg_hba.conf > file states > > host all 127.0.0.1 255.255.255.255 ident sameuser > > Now I would like to make the databases readable by > anyone. To this > effect, I have created an extra PostgreSQL account, > "guest". And I > would like anyone to be able to access this "guest" > account (without, > of course, having to enter a password or anything > like that). How can > I achieve this? The only solution I can see is to > use some specific > identd mapping, and replace the line above by > > host all 127.0.0.1 255.255.255.255 ident sameorguest > > and write a (very long) pg_ident.conf that maps > every username on the > system to "guest" plus every specific account to > itself. But this is > quickly unmanageable as new accounts are being added > to the system all > the time. > > Surely there must be some better way to achieve such > a simple task? > > Another (rather distantly related) question: is > there some way to > perform uid-based authentication on a UNIX-domain > socket? It seems > absurd to use a TCP socket on localhost and identd > for this effect: it > is slower, and identd is sometimes unreliable, > whereas credentials can > be sent on a Unix-domain socket through sendmsg() > and related > functions. > > Thanks for any help. > > PS: Please send copy of replies to me personally as > I do not receive > mail from the list. Thanks again. > > -- > David A. Madore > (david.madore@ens.fr, > http://www.eleves.ens.fr:8080/home/madore/ ) > > ---------------------------(end of > broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
В списке pgsql-general по дате отправления: