Lists: | pgsql-adminpgsql-general |
---|
From: | "Anderson Alves de Albuquerque " <andersonaa(at)gmail(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Permission ALTER PASSWORD |
Date: | 2007-08-08 21:35:51 |
Message-ID: | 9b3f75f0708081435p23494a95gd2ac55adf3db02b3@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-admin pgsql-general |
I have problem with permission, I need to use a user no SUPERUSER.
I use commands:
CREATE ROLE $USER LOGIN;
ALTER user $USER noCREATEDB NOCREATEROLE noCREATEUSER NOINHERIT;
ALTER USER $USER with password 'XX';
REVOKE create on SCHEMA public from public;
revoke all on schema PUBLIC FROM $USER;
With these commands MY user $USER don't have permission to create table and
another thing. But I need that $USER can't have permission to change your
password with:
psql -d $BD -h $HOST -U $USER
# ALTER $USER maluco with password 'YYY';
After user $USER execute this ALTER, it get change PASSWORD. Could I block
command ALTER password to user $USER?
From: | Decibel! <decibel(at)decibel(dot)org> |
---|---|
To: | Anderson Alves de Albuquerque <andersonaa(at)gmail(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: [GENERAL] Permission ALTER PASSWORD |
Date: | 2007-08-15 15:47:47 |
Message-ID: | 20070815154747.GE54135@nasby.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-admin pgsql-general |
On Wed, Aug 08, 2007 at 06:35:51PM -0300, Anderson Alves de Albuquerque wrote:
> After user $USER execute this ALTER, it get change PASSWORD. Could I block
> command ALTER password to user $USER?
No, there's no way to do that. You might want to look at using
ident-based authentication for that user instead.
--
Decibel!, aka Jim Nasby decibel(at)decibel(dot)org
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)