Re: user privilages for executing pg_autovacuum?

["Zlatko Matic" <zlatko.matic1@xxxxxxxxxxx>]

No, I didn't try ident authentication...
It seems to me that security issues should be passd to client company's 
system administrator ?


----- Original Message ----- 
From: "Jim C. Nasby" <jnasby@xxxxxxxxxxxxx>
To: "Zlatko Matic" <zlatko.matic1@xxxxxxxxxxx>
Cc: "Tom Lane" <tgl@xxxxxxxxxxxxx>; "Matthew T. O'Connor" 
<matthew@xxxxxxxx>; <pgsql-general@xxxxxxxxxxxxxx>
Sent: Thursday, October 13, 2005 9:35 PM
Subject: Re:  user privilages for executing pg_autovacuum?


> AFAIK you can't, and there's not really much point anyway. Anyone with
> taccess to that file will be able to connect to the database.
>
> Have you looked at using ident authentication on localhost?
>
> On Wed, Oct 12, 2005 at 10:12:31AM +0200, Zlatko Matic wrote:
> > If I put password in pgpass file it's still a plain text. How to hide it 
> > ?
> >
> > ----- Original Message ----- 
> > From: "Jim C. Nasby" <jnasby@xxxxxxxxxxxxx>
> > To: "Tom Lane" <tgl@xxxxxxxxxxxxx>
> > Cc: "Zlatko Mati?" <zlatko.matic1@xxxxxxxxxxx>; "Matthew T. O'Connor"
> > <matthew@xxxxxxxx>; <pgsql-general@xxxxxxxxxxxxxx>
> > Sent: Wednesday, October 12, 2005 1:14 AM
> > Subject: Re:  user privilages for executing pg_autovacuum?
> >
> >
> > >On Tue, Oct 11, 2005 at 02:39:24PM -0400, Tom Lane wrote:
> > >>=?iso-8859-2?Q?Zlatko_Mati=E6?= <zlatko.matic1@xxxxxxxxxxx> writes:
> > >>> That's the reason why I ask. If a user that executes pg_autovacuum 
> > >>> must
> > >>> be
> > >>> owner of tables or a superuser, that it is a security problem to pass
> > >>> password as plain text...
> > >>> How peple solve this problem ?
> > >>
> > >>Put the password in a ~/.pgpass file belonging to the user that runs 
> > >>the
> > >>autovacuum task.
> > >
> > >Or you can run pg_autovacuum on the server itself and allow ident
> > >authentication for unix sockets (assuming you're on unix/linux).
> > >-- 
> > >Jim C. Nasby, Sr. Engineering Consultant      jnasby@xxxxxxxxxxxxx
> > >Pervasive Software      http://pervasive.com    work: 512-231-6117
> > >vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461
> > >
> > >---------------------------(end of broadcast)---------------------------
> > >TIP 3: Have you checked our extensive FAQ?
> > >
> > >              http://www.postgresql.org/docs/faq
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 5: don't forget to increase your free space map settings
>
> --
> Jim C. Nasby, Sr. Engineering Consultant      jnasby@xxxxxxxxxxxxx
> Pervasive Software      http://pervasive.com    work: 512-231-6117
> vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
>       choose an index scan if your joining column's datatypes do not
>       match 


---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster