Re: user to database restriction?
From | Stephan Szabo |
---|---|
Subject | Re: user to database restriction? |
Date | |
Msg-id | 20020210183115.O74402-100000@megazone23.bigpanda.com |
In reply to | Re: user to database restriction? (Jon August <jon@internection.com>) |
List | pgsql-admin |
On Sun, 10 Feb 2002, Jon August wrote:

>
> Ok, it looks like the final argument is used to set up relationships
> between remote unix users to pg users. So wouldn't that mean that
> ultimately the user would be able to view any database anyway since
> the pg user can view any database? (aside from revoking privs at the
> table level)
>
> Is there any means of user to database access restriction?

From my 7.2 pg_hba.conf (I don't believe this was changed from 7.1):

    # password:  Authentication is done by matching a password supplied
    #            in clear by the host. If no AUTH_ARGUMENT is used, the
    #            password is compared with the user's entry in the
    #            pg_shadow table.
    #
    #            If AUTH_ARGUMENT is specified, the username is looked up
    #            in that file in the $PGDATA directory. If the username
    #            is found but there is no password, the password is looked
    #            up in pg_shadow. If a password exists in the file, it is
    #            used instead. These secondary files allow fine-grained
    #            control over who can access which databases and whether
    #            a non-default password is required. The same file can be
    #            used in multiple records for easier administration.
    #            Password files can be maintained with the pg_passwd(1)
    #            utility. Remember, these passwords override pg_shadow
    #            passwords.

I believe it lists pg users that are allowed in to the database (and
potentially that they need a special password other than their normal).

> On Sun, 10 Feb 2002, Stephan Szabo wrote:
>
> > > local all password postgres
> > > host all xxx.xxx.xxx.xxx 255.255.255.255 password postgres
> > > local shopdb password mark
> > > host shopdb xxx.xxx.xxx.xxx 255.255.255.255 password mark
> >
> > The final argument goes to an external file in $PGDATA that lists users
> > (and optionally passwords) for the users that are allowed into the db.
>
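The lookup described in the quoted pg_hba.conf comment, as an added Python model that is not part of the original thread or of PostgreSQL's code. It covers only `local` records with the `password` method, the file contents are constructed, and it assumes two things the post does not spell out: a user missing from the AUTH_ARGUMENT file is refused (the reading given in the reply above), and records are tried in order with the first match used (PostgreSQL's documented pg_hba.conf behaviour).

```python
# Records are (type, database, auth_argument) in file order; host fields omitted.
AS_POSTED = [("local", "all", "postgres"), ("local", "shopdb", "mark")]
SPECIFIC_FIRST = [("local", "shopdb", "mark"), ("local", "all", "postgres")]

# Constructed contents of the secondary files in $PGDATA:
# user -> password stored in the file, or None when the entry has no password.
FILES = {
    "postgres": {"postgres": None},
    "mark": {"mark": "constructed-crypt-value", "postgres": None},
}


def match_record(records, conn_type, database):
    """Return the first record matching the connection, or None."""
    for rec in records:
        rec_type, rec_db, _ = rec
        if rec_type == conn_type and rec_db in ("all", database):
            return rec
    return None


def password_source(records, files, conn_type, database, user):
    """Say where the password is checked, or why the user is refused."""
    rec = match_record(records, conn_type, database)
    if rec is None:
        return "rejected: no matching record"
    auth_arg = rec[2]
    if auth_arg is None:
        return "pg_shadow"  # no AUTH_ARGUMENT: any pg user, pg_shadow password
    entries = files[auth_arg]
    if user not in entries:
        return "rejected: not listed in " + auth_arg
    # A password in the file overrides pg_shadow; an empty entry falls back to it.
    return "file " + auth_arg if entries[user] else "pg_shadow"


if __name__ == "__main__":
    for name, recs in (("as posted", AS_POSTED), ("specific first", SPECIFIC_FIRST)):
        for db, user in (("shopdb", "mark"), ("template1", "mark"), ("shopdb", "postgres")):
            print(name, db, user, "->", password_source(recs, FILES, "local", db, user))
```

With the `all` record listed first it also matches connections to shopdb, so the shopdb-specific file is never consulted; placing the more specific record first gives the per-database restriction asked about.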