Thread

  1. Re: [HACKERS] Re: [QUESTIONS] How is PostgreSQL doing?

    Andrew Martin <martin@biochemistry.ucl.ac.uk> — 1998-01-26T10:40:32Z

    > I found this patch in my mailbox.  Is there any intestest in this, or is
    > it too site-specific?
    > 
    > > 
    > > Eze Ogwuma writes:
    > > > Bruce Momjian <maillist@candle.pha.pa.us> writes:
    > > > > Can you be specific?  Something I can add to the TODO list.
    > > > 
    > > > Database based access for users so that each user can be giving access
    > > > to a particular database only. More permissions for each databse user:
    > > > Create, Drop, Select, Insert etc. Possibly table based
    > > > authentification as well.
    > > 
    > > I needed to do that for the web database that I'm setting up. We have
    > > 20000 users and each (potentially) needs a separate database which is
    > > only accessible to them. Rather than having 20000 lines in pg_hba.conf,
    > > I've patched Postgres so that the special token "%username" in the
    > > database field of pg_hba.conf allows access only to the username which
    > > is connecting. (I chose the leading "%" so that it couldn't clash with
    > > a real database name.) Since the patch is against 6.1 rather than
    > > 6.2beta, I hadn't made it public. Here it is in case it's of interest.
    > > 
    
    Yes please! I'd like to see this...
    
    
    Andrew
    
    ----------------------------------------------------------------------------
    Dr. Andrew C.R. Martin                             University College London
    EMAIL: (Work) martin@biochem.ucl.ac.uk    (Home) andrew@stagleys.demon.co.uk
    URL:   http://www.biochem.ucl.ac.uk/~martin
    Tel:   (Work) +44(0)171 419 3890                    (Home) +44(0)1372 275775
    
    
  2. Re: [HACKERS] Re: [QUESTIONS] How is PostgreSQL doing?

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-01-26T15:08:07Z

    > 
    > > I found this patch in my mailbox.  Is there any intestest in this, or is
    > > it too site-specific?
    > > 
    > > > 
    > > > Eze Ogwuma writes:
    > > > > Bruce Momjian <maillist@candle.pha.pa.us> writes:
    > > > > > Can you be specific?  Something I can add to the TODO list.
    > > > > 
    > > > > Database based access for users so that each user can be giving access
    > > > > to a particular database only. More permissions for each databse user:
    > > > > Create, Drop, Select, Insert etc. Possibly table based
    > > > > authentification as well.
    > > > 
    > > > I needed to do that for the web database that I'm setting up. We have
    > > > 20000 users and each (potentially) needs a separate database which is
    > > > only accessible to them. Rather than having 20000 lines in pg_hba.conf,
    > > > I've patched Postgres so that the special token "%username" in the
    > > > database field of pg_hba.conf allows access only to the username which
    > > > is connecting. (I chose the leading "%" so that it couldn't clash with
    > > > a real database name.) Since the patch is against 6.1 rather than
    > > > 6.2beta, I hadn't made it public. Here it is in case it's of interest.
    > > > 
    > 
    > Yes please! I'd like to see this...
    
    I think it may already be there, but with no documentation in
    pg_hba.conf:
    
    See backend/libpq/hba.c:
    
      Special case: For usermap "sameuser", don't look in the usermap
      file.  That's an implied map where "pguser" must be identical to
      "ident_username" in order to be authorized.
    
    
    -- 
    Bruce Momjian
    maillist@candle.pha.pa.us