Re: pg_hba, access control for a webserver, superuser, and joe user
| От | Bruno Wolff III |
|---|---|
| Тема | Re: pg_hba, access control for a webserver, superuser, and joe user |
| Дата | |
| Msg-id | 20030129072656.GA19996@wolff.to обсуждение исходный текст |
| Ответ на | pg_hba, access control for a webserver, superuser, and joe user (jerry.nospam@theashergroup.com (Jerry Asher)) |
| Список | pgsql-admin |
On Tue, Jan 28, 2003 at 15:39:03 -0800, Jerry Asher <jerry.nospam@theashergroup.com> wrote: > > Does the order of statements in pg_hba.conf matter? > Is there a priority and a fallback of sorts? Try this first mechanism > and if that fails, try the next mechanism? Yes the order matters. Only the first rule that matches is used to do the authentication. If it fails no other rules are tried. For your kind of set up, you want to do the user specific rules first (postgres and the web user) followed by the wildcard rule for users connecting to a matching database. Here is a sample that I use that is similar to what you are trying to do. HBA: local all postgres ident postgres local area,book,cube,template1 bruno ident sameuser local area,book nobody ident nobody local sameuser all ident sameuser IDENT: postgres root postgres postgres bruno postgres postgres postgres postgres nobody bruno nobody nobody nobody nobody
В списке pgsql-admin по дате отправления: