Permission to postgres to another user's folder

Hello,

Can anyone please throw some light on the behavior of postgres when it comes
to permission issues... I'm using enterprisedb 8.3 on opensuse linux 10.3
and 11 (2 machines).
This is what I have understood so far:

Let's say user user1 is a non-root user. I log in to the machine as root and
install enterprisedb. During installation I'm asked for an existing
non-root user to act as the 'owner' of the installation. I provide 'user1'.
So user1 becomes the 'owner' of the installation and has the privilege of
starting and stopping the service. Also the file .pgpass (postgres password
file) gets automatically created in user1's home folder and it contains a
line for localhost, specifying the password of user postgres. If this
file exists in any user's home, then that user will be allowed to connect to
postgres server without a password.

Now during installation, the user 'postgres' will be created if it doesn't
already exist. And these 2 users (user1, postgres) will have write
permissions to each other's home directories.


Please tell me if my understanding so far is correct and if you can
enlighten me further.

My requirement is to let postgres have write access to another user's home
directory (say 'tomcat' which could be a system user) and vice versa, i.e.
tomcat should have write access to postgres' home and also password-less
access to psql. And similarly other OS users might need the same
permissions.

Another doubt: How and when does the .pgpass file get created and its
contents get added? I saw that explicitly creating a file for an OS user
and adding an entry for localhost enables the user to connect to psql w/o a
password. And similarly if remote connection is enabled in a remote server,
an entry should exist for the remote server in the local .pgpass file. I
want to know how much of this happens automatically and when.

Thanks a ton,
Shruthi

Shruthi A [ Fri, 22 January 2010 09:57 ] [ ID #2029567 ]

Re: Permission to postgres to another user's folder

> Now during installation, the user 'postgres' will be created if it doesn't
> already exist. And these 2 users (user1, postgres) will have write
> permissions to each other's home directories.
>
>
> Please tell me if my understanding so far is correct and if you can
> enlighten me further.

I think there might be some confusion over your use of the word
"user". There are two main types of users when we talk about
postgresql. There's system users and database users. System users
typically have a login and a shell on the operating system. Postgres
needs at least one system user to launch the database process. The
database files should be owned by only this user.

Database users do not need a login and shell on the operating system.
Instead they connect to postgresql using tcp/ip or some other means
and can interact with the database that way. This user does not need
to have a shell account or permissions to the filesystem where the
database files are located.

Typically, you'd install postgresql and have the postgres user run the
server process. Then you'd create database users that can access the
functionality of the database. Just like with Apache Web Server, there
is the apache user which starts the server process while you can
control web page access using HTTP Basic authentication via a htpasswd
file. These users are not "system" users.

AJ

Allen Johnson [ Fri, 22 January 2010 15:51 ] [ ID #2029568 ]
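
The `.pgpass` mechanism asked about in this thread, as an added example that is not part of either post: a Python audit of a password file in libpq's `hostname:port:database:username:password` format. libpq ignores a `.pgpass` whose permissions allow any group or world access, so the check reports that first. The sample entries, the host name and the choice to flag the `postgres` entry are constructed assumptions.

```python
import os
import stat
import tempfile

SAMPLE = (  # constructed entries: hostname:port:database:username:password
    "# constructed entries, not real credentials\n"
    "localhost:5432:*:postgres:constructed-pw\n"
    "db.example.internal:5432:app\\:db:tomcat:constructed-pw\n"
    "broken-line-without-fields\n"
)

def parse_pgpass_line(line):
    """Split one entry into 5 fields, honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line.rstrip("\n"))
    for ch in chars:
        if ch == ":" and len(fields) < 4:  # the rest of the line is the password
            fields.append("".join(cur))
            cur = []
        else:  # a backslash makes the next character literal
            cur.append(next(chars, "") if ch == "\\" else ch)
    fields.append("".join(cur))
    return fields if len(fields) == 5 else None

def audit_pgpass(path, superuser="postgres"):
    """Return (findings, entries); entries never include the password."""
    findings, entries = [], []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o allows group/other access; libpq ignores the file" % mode)
    with open(path) as fh:
        for n, line in enumerate(fh, 1):
            if not line.strip() or line.startswith("#"):
                continue
            parsed = parse_pgpass_line(line)
            if parsed is None:
                findings.append("line %d: expected 5 colon-separated fields" % n)
                continue
            host, port, db, user, _password = parsed
            entries.append((host, port, db, user))
            if user == superuser:  # assumption: this role is the superuser
                findings.append("line %d: stores the %s password in clear text" % (n, superuser))
    return findings, entries

def run_sample(mode):
    with tempfile.NamedTemporaryFile("w", suffix=".pgpass") as fh:
        fh.write(SAMPLE)
        fh.flush()
        os.chmod(fh.name, mode)
        return audit_pgpass(fh.name)
```

`run_sample(0o644)` reports the permission problem in addition to the two per-line findings that `run_sample(0o600)` returns.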