making another super user other than postgres

Discuss making another super user other than postgres in the comp.databases.postgresql.general forum.



Bob Powell
 
making another super user other than postgres - 11-11-2004, 09:31 AM






Hello everyone;

My systems admin says that he needs to have use of the Postgres user
without a password. His Debian package manager requires this.

He tells me that he can lock down that user on the system so that there
are no security concerns.

Can someone tell me if this is acceptable?


Also, my method for creating another superuser is to update the
pg_shadow file's "usesuper" field to 't'. Are there any issues I should
be aware of for doing such a thing? Thanks.

Bob Powell
Database Administrator

Bruno Wolff III
 
Re: making another super user other than postgres - 11-11-2004, 12:05 PM






On Thu, Nov 11, 2004 at 10:31:28 -0500,
Bob Powell <Bob (AT) hotchkiss (DOT) org> wrote:
> Hello everyone;
>
> My systems admin says that he needs to have use of the Postgres user
> without a password. His Debian package manager requires this.
>
> He tells me that he can lock down that user on the system so that there
> are no security concerns.
>
> Can someone tell me if this is acceptable?

If they will be connecting to postgres using domain sockets then you can
use ident authentication to limit them to the appropriate postgres accounts
based on their system account.

Tom Lane
 
Re: making another super user other than postgres - 11-11-2004, 01:01 PM



"Bob Powell" <Bob (AT) hotchkiss (DOT) org> writes:
> My systems admin says that he needs to have use of the Postgres user
> without a password. His Debian package manager requires this.
> He tells me that he can lock down that user on the system so that there
> are no security concerns.

Why can't he put his password in ~/.pgpass?

Or if you don't like that, see if you can set up to let him in with
IDENT. But using TRUST on a multi-user machine is just asking for
trouble.

> Also, my method for creating another superuser is to update the
> pg_shadow files "usesuper" field to 't'.

The CREATEUSER option to CREATE/ALTER USER is the same thing.

regards, tom lane

Oliver Elphick
 
Re: making another super user other than postgres - 11-12-2004, 02:52 AM



On Thu, 2004-11-11 at 15:31, Bob Powell wrote:
> My systems admin says that he needs to have use of the Postgres user
> without a password. His Debian package manager requires this.

The PostgreSQL user "postgres" is given the ability to connect to any
database on the local machine without supplying a password. The Debian
package of PostgreSQL uses "ident sameuser" authentication by default.
This means that you can only connect to PostgreSQL with the same
username as you logged into the system with, and you can only do this
from the local machine. The "postgres" system user is installed with a
non-valid password, so that it is impossible to login as postgres; you
have to become superuser first and then use su. The root user can do
this at any time with the command "su - postgres". He does not need to
supply a password.

I don't know what you mean by "Debian package manager". If you refer to
the package installation scripts, these run as root and therefore a
package's installation script can adopt at will the identity "postgres"
(which is the id that owns the Debian-installed PostgreSQL database).
If you mean that a particular package needs to run without providing a
password on connect, this can be set up by editing
/etc/postgresql/pg_hba.conf for a particular combination of user, host
and database; whether it is the best way to do it is not determinable
from the information you have provided.

I know that some Debian maintainers (or the upstream package authors)
have not really understood how to use PostgreSQL's authentication
system. It may be that you need to file bugs on the packages...but we
need more details.

> He tells me that he can lock down that user on the system so that there
> are no security concerns.
>
> Can someone tell me if this is acceptable?

I would want to know exactly what he was proposing to do before I could
answer that. Apart from security concerns, if he changes the login
behaviour of the postgres system user, it might cause problems for
package installation scripts, which expect things to be as they are set
up by the postgresql package.

Oliver Elphick
Debian maintainer for PostgreSQL
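
A check for the TRUST and IDENT points raised in the replies above, as an added example that is not part of the original thread: it scans pg_hba.conf text for rules that admit a client without a secret and marks the ones that reach a superuser. The sample file is constructed, `SUPERUSERS` and the function names are assumptions, and quoted fields, `+group` and `@file` user entries are not handled.

```python
# Added example: flag pg_hba.conf rules that let a client in without a secret.
# SAMPLE_HBA is constructed (7.4-era layout); SUPERUSERS is an assumed role list.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      IP-ADDRESS  IP-MASK          METHOD
local   all       postgres                               ident sameuser
local   all       all                                    trust
host    all       all       127.0.0.1   255.255.255.255  md5
host    appdb     postgres  10.0.0.0/8                   trust
host    appdb     report    10.0.0.0/8                   ident sameuser
"""

METHODS = {"trust", "reject", "md5", "password", "crypt", "krb4", "krb5",
           "ident", "peer", "pam", "ldap", "gss", "sspi", "radius", "cert",
           "scram-sha-256"}
SUPERUSERS = {"postgres"}


def covers_superuser(user_field):
    """True if the USER column matches a superuser name or the keyword 'all'."""
    names = set(user_field.split(","))
    return "all" in names or bool(names & SUPERUSERS)


def audit_hba(text):
    """Return (line_no, issue, reaches_superuser) for each risky rule."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] not in {"local", "host", "hostssl", "hostnossl"}:
            continue
        conn, users = fields[0], fields[2]
        # local rules have no address columns; host rules have one or two
        start = 3 if conn == "local" else 4
        method = next((f for f in fields[start:] if f in METHODS), None)
        if method == "trust":
            # no check at all: the client simply names the DB user it wants
            issue = "trust-local" if conn == "local" else "trust-tcp"
        elif method == "ident" and conn != "local":
            # identity is asserted by the client host's ident service
            issue = "ident-tcp"
        else:
            continue
        findings.append((line_no, issue, covers_superuser(users)))
    return findings


if __name__ == "__main__":
    for finding in audit_hba(SAMPLE_HBA):
        print(finding)
```

The `local ... postgres ... ident sameuser` rule on line 2 of the sample is the Debian default described above and is not reported, because the socket peer's system account must already be `postgres`.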


