Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA15680; Wed, 6 May 92 05:50:37 -0700
Message-Id: <9205061250.AA15680@postgres.Berkeley.EDU>
From: Stuart Pook <stuart@genethon.genethon.fr>
Subject: Re: Using Postgres from Unix and security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
In-Reply-To: Your message of Tue, 05 May 92 22:33:24 -0700.
             <9205060533.AA11978@postgres.Berkeley.EDU> 
Organization: Genethon, 13 Place de Rungis, 75013 Paris, France
 tel +33 1 45.65.13.00, fax +33 1 45.88.52.20
Date: Wed, 06 May 92 14:50:34 +0200

You write:
> > I have compiled and installed postgres, run initdb, launched a
> > postmaster, and created a database called foo.  I have not run createuser.
> > I find that any user can run "/usr/postgres/bin/monitor foo" and change
> > the contents of the database foo.  This behaviour does not seem to agree
> > with the documentation cited above.  Am I confused?
> 
> No, this isn't supposed to happen.  What machine do you use?

This letter is an addition to my previous letter.  On my Sun SPARC
createdb seems to understand that the unix user "slp" is not
authorised to connect to postgres but the monitor allows slp to
read (and modify) the database "foo".  The following demonstrates this:

$ cd /usr/postgres/bin
$ ./createdb bar
WARN:May  6 14:41:45:No pg_user tuple for slp
 
./createdb: database creation failed on bar.
$ ./monitor foo
Welcome to the C POSTGRES terminal monitor

Go 
* retrieve (dummy.all) \g

Query sent to backend is "retrieve (dummy.all) "
-----------------------------
| n           | m           |
-----------------------------
| 6           | 5           |
-----------------------------

Go 
* 
