Search Postgresql Archives

Re: Best practice non privilege postgres-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Frank Lanitz wrote:
> I'm looking for some kind of best practice for a non-privilege
postgres
> user. As not all operations can be done within psql you might need
> access to postgres- on command line from time to time. Currently this
is
> done via root-privvileges and >su - postgres< directly on database
> server - which is might not the best idea. Therefor our goal is to
limit
> access to a little number of people on the first hand and don't
> necessary give them root-privileges on the databse server. We
> experimented a bit with sudo but had issues with some of the
> environmental variables. So my question is: do you have any best
> practice how to manage this? Is there any golden rule for this?

When you say "access to postgres on command line", I assume that you
mean "shell access as PostgreSQL OS user".

One easy way would be to setup ssh and either give the OS password
of "postgres" to the trusted people or configure ssh to accept only
certain certificates.

There are other ways to authenticate; I guess the best solution
will depend on your environment and your needs.

If you mean "access to PostgreSQL via psql as superuser", there
is no need for shell access to the database machine itself.
Again you can either hand out the password or set up some
more advanced authentication method.

Yours,
Laurenz Albe


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux