| Lists: | pgsql-adminpgsql-general |
|---|
| From: | "Anderson Alves de Albuquerque " <andersonaa(at)gmail(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Permission ALTER PASSWORD |
| Date: | 2007-08-08 21:35:51 |
| Message-ID: | 9b3f75f0708081435p23494a95gd2ac55adf3db02b3@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-admin pgsql-general |
I have problem with permission, I need to use a user no SUPERUSER.
I use commands:
CREATE ROLE $USER LOGIN;
ALTER user $USER noCREATEDB NOCREATEROLE noCREATEUSER NOINHERIT;
ALTER USER $USER with password 'XX';
REVOKE create on SCHEMA public from public;
revoke all on schema PUBLIC FROM $USER;
With these commands MY user $USER don't have permission to create table and
another thing. But I need that $USER can't have permission to change your
password with:
psql -d $BD -h $HOST -U $USER
# ALTER $USER maluco with password 'YYY';
After user $USER execute this ALTER, it get change PASSWORD. Could I block
command ALTER password to user $USER?
| From: | Decibel! <decibel(at)decibel(dot)org> |
|---|---|
| To: | Anderson Alves de Albuquerque <andersonaa(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [GENERAL] Permission ALTER PASSWORD |
| Date: | 2007-08-15 15:47:47 |
| Message-ID: | 20070815154747.GE54135@nasby.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-admin pgsql-general |
On Wed, Aug 08, 2007 at 06:35:51PM -0300, Anderson Alves de Albuquerque wrote:
> After user $USER execute this ALTER, it get change PASSWORD. Could I block
> command ALTER password to user $USER?
No, there's no way to do that. You might want to look at using
ident-based authentication for that user instead.
--
Decibel!, aka Jim Nasby decibel(at)decibel(dot)org
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)