[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: postgres help.

Subject: Re: postgres help.
From: Josh Berkus <..hidden..>
Date: Mon, 9 Jun 2008 14:01:48 -0700

Milton,

> I can connect to the ledger db as users ledgersmb, postgres, root
> and apache. Everyone but ledgersmb is a superuser:

First of all, having apache be a superuser on the database is a very bad 
idea.  It leaves your DB wide open to any SQL injection or HTTP compromise 
attacks.  Having "root" as a superuser isn't a great idea either simply 
because you don't want queries running as "root".  

> As root I can connect to ledgersmb db as user root, but not as user
> ledgersmb. ie:
> psql -d ledgersmb -> works
> psql -U ledgersmb -d ledgersmb -W -> does not work.

We need to see the error message you get when you try to connect.

> # "local" is for Unix domain socket connections only
> local   all         all                               ident sameuser
> local   all         all                               md5
> local   all         all                               pam

Ah, you've misunderstood how pg_hba.conf works.  The first line which 
matches the host, user and db will be used, so you're never getting past 
"ident sameuser".  This makes the -U switch useless.

-- 
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

References:
- postgres help.
  - From: Milton Calnek

Prev by Date: Re: Interesting coverage of our project on the SQL-Ledger-users list
Next by Date: Re: Interesting coverage of our project on the SQL-Ledger-users list
Previous by thread: Re: postgres help.
Next by thread: Importing Customers, Vendors, Parts
Index(es):
- Date
- Thread