Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA17221; Wed, 6 May 92 09:10:37 -0700
From: Rod Rebello -- CAD Development <titan!rrebello@asuvax.eas.asu.edu>
Subject: Re: Using Postgres from Unix and security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
From: Rod Rebello -- CAD Development <titan!rrebello@asuvax.eas.asu.edu>
To: postgres@postgres.berkeley.edu
Date: 	Wed, 6 May 1992 08:21:49 -0700
Return-Receipt-To: titan!rrebello@asuvax.eas.asu
X-Mailer: ELM [version 2.3 PL11]
Message-Id: <92May6.081935mst.63102@titan>

Stuart Pook said:
> You write:
> > > I have compiled and installed postgres, run initdb, launched a
> > > postmaster, and created a database called foo.  I have not run createuser.
> > > I find that any user can run "/usr/postgres/bin/monitor foo" and change
> > > the contents of the database foo.  This behaviour does not seem to agree
> > > with the documentation cited above.  Am I confused?
> > 
> > No, this isn't supposed to happen.  What machine do you use?
> 
> This letter is an addition to my previous letter.  On my Sun SPARC
> createdb seems to understand that the unix user "slp" is not
> authorised to connect to postgres but the monitor allows slp to
> read (and modify) the database "foo".  The following demonstrates this:

I have also not run createuser, yet we have not had any problems with access.
We are using Sun Sparcs. We are still on postgres 3.0. I have 3.1, but have
not gotten around to installing it yet.

-- 
Rod Rebello
titan!rrebello@asuvax.eas.asu.edu
Microchip Technology Inc., Chandler, AZ