Search Postgresql Archives

Re: Using both ident and password in pg_hba.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/09/2016 01:18 PM, D'Arcy J.M. Cain wrote:
On Mon, 9 May 2016 13:02:53 -0700
Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
So define PHP runs as 'nobody'?

Because of the way PHP and Apache works PHP script have to run as the
Apache user which, in my case anyway, is "nobody" so every PHP script
runs as nobody.  Meanwhile non-PHP scripts run as the user who owns the
site.

Is that the script's user permissions?

Sometimes.  The user has the choice to have everything owned by nobody
(which requires that they contact us for changes) or else as themself
but with world readable permissions on the files so that nobody can
serve them.

Or is that the database user the script is connecting as?

Yes.

Is 'nobody' defined as a database user?

Yes but each user has their own database with their own user and
password.  When they run PHP scripts they connect as nobody but they
attempt to login as themself.

The above does not make sense to me. Maybe I am not understanding if you mean connect and login as the same thing or not? I could see connecting as 'nobody' and then doing SET ROLE as user. Or connect as 'nobody' for the PHP script and have a separate connection as the database user. Otherwise you are going to have to explain more about what you are doing.


Basically I think that pg_hba.conf is missing a feature.  We can
specify the database, the user and the address but we can't specify the
authenticated user.  When it sees this;

provided user name (x) and authenticated user name (nobody) do not match

I would like it to connect with user x but drop to password
authentication.

Again this seems to assume a given connection can have two user names at the same time. As John pointed out there is mapping but it still resolves to only one name for the actual connection.




--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux