On Fri, Nov 13, 2009 at 11:47 AM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
Definitely the right file, and I've restarted multiple times. If I set this:Joe Miller <joe.d.miller@xxxxxxxxx> writes:Looks reasonable.
> I have a PostgreSQL installation for which I would like to limit local
> domain socket access to the postgres user and members of the "myadmin"
> group. I've modified pg_hba.conf to trust local domain socket connections,
> and changed these settings in postgresql.conf:
> unix_socket_group = 'myadmin'
> unix_socket_permissions = 0770
Huh, did you restart the server? Are you sure you modified the right
> When I look at the socket file in /tmp, I see the following:
> srwx------ 1 postgres postgres 0 Nov 13 10:03 .s.PGSQL.5432
config file? Those settings obviously didn't "take".
#unix_socket_group = ''
unix_socket_permissions = 0770
...everything works as I expect. I have access logged in as either root or postgres, but get "permission denied" if I'm logged in as a myadmin user.
If I set this:
unix_socket_group = 'myadmin'
unix_socket_permissions = 0777
...connection is refused for all accounts. For this config, I'd expect to see the socket owned by the myadmin group, but I should have access from any account, correct?
Joe
