Re: Problems with user-level security

Stephan Szabo wrote:
> On Tue, 6 Nov 2001, Nick Sayer wrote:
[...]
>> What I *really* want is for an extra column to be added to pg_hba.conf
>> to specify the user of interest. Like this:
>>
>> all     local sameuser password
>> backups local all      password
>> pgsql   local all      password
>>
>> Does this make any sense? Is there some way to achieve this I am
>> missing? The only way I can do backups at the moment is introduce a
>> race condition so that anyone can connect to any database they like at
>> certain times of day. Not good.
>
> If you're using password, couldn't you do this by specifying the file
> to look up the passwords in (the optional last parameter) on the local
> all line and then only put the backups/pgsql password in it.


That solution works perfectly. I now have

local sameuser password
local all password pg_superusers

and have added the backup user to pg_superusers using pg_passwd. I am a
happy camper! Especially nice is that I can empty out the pg_shadow
password for the superusers.