On Mon, 9 May 2016 13:02:53 -0700 Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote: > So define PHP runs as 'nobody'? Because of the way PHP and Apache works PHP script have to run as the Apache user which, in my case anyway, is "nobody" so every PHP script runs as nobody. Meanwhile non-PHP scripts run as the user who owns the site. > Is that the script's user permissions? Sometimes. The user has the choice to have everything owned by nobody (which requires that they contact us for changes) or else as themself but with world readable permissions on the files so that nobody can serve them. > Or is that the database user the script is connecting as? Yes. > Is 'nobody' defined as a database user? Yes but each user has their own database with their own user and password. When they run PHP scripts they connect as nobody but they attempt to login as themself. Basically I think that pg_hba.conf is missing a feature. We can specify the database, the user and the address but we can't specify the authenticated user. When it sees this; provided user name (x) and authenticated user name (nobody) do not match I would like it to connect with user x but drop to password authentication. -- D'Arcy J.M. Cain <darcy@xxxxxxxxx> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner. IM: darcy@xxxxxxx, VoIP: sip:darcy@xxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
