On Wed, 19 Dec 2007, A. Kretschmer wrote:
psql -U ... database -c "create user foo password 'secret';"
This seems like a reasonable example, but it will also show the password
you're assigning on the command line to anybody who happens to run ps,
which is the reason why this isn't allowed by createuser in the first
place.
In your typical shell nowadays the echo command is a built-in one--it
executes directly rather than calling a separate echo binary, so it won't
leak what you tell it onto a command line. That means this line in a
script would be simplest way to do this that's not completely insecure:
echo "create user foo password 'secret'" | psql ...
This is not recommended on the command line (I think other people can
still see the whole thing), but in a script I believe others just see the
psql executing against standard input.
Of course you need the surrounding script to not do the wrong thing
either, where the wrong thing includes any approach where you put the
password on the command line. Last time I had to do a batch creation of a
bunch of accounts I put them into a file with the format
"username:password", read that directly from the shell (a good sample to
borrow from for that part is
http://www.askdavetaylor.com/how_do_i_read_lines_of_data_in_a_shell_script.html
) and used echo | psql as above to create them. This is not an approach
I'd want to use as a long-term tool, but for hacking something together
it's not an awful way to do it.
Like all questions with security implications, I highly recommend you
believe nothing I said above and confirm each suggestion through your own
research and testing.
--
* Greg Smith gsmith@xxxxxxxxxxxxx http://www.gregsmith.com Baltimore, MD
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings