From owner-freebsd-questions@FreeBSD.ORG  Fri Sep 12 15:13:58 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 89E3716A4BF
	for <freebsd-questions@freebsd.org>;
	Fri, 12 Sep 2003 15:13:58 -0700 (PDT)
Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 71D3343FF9
	for <freebsd-questions@freebsd.org>;
	Fri, 12 Sep 2003 15:13:57 -0700 (PDT)
	(envelope-from kirk@strauser.com)
Received: from pooh.strauser.com (pooh.honeypot.net [10.0.5.128])
	by kanga.honeypot.net (8.12.9/8.12.9) with ESMTP id h8CMDp1T007897;
	Fri, 12 Sep 2003 17:13:52 -0500 (CDT)
	(envelope-from kirk@strauser.com)
To: "Andrew L. Gould" <algould@datawok.com>
References: <87r82lbu4y.fsf@strauser.com>
	<200309121639.14573.algould@datawok.com>
From: Kirk Strauser <kirk@strauser.com>
Date: Fri, 12 Sep 2003 17:13:38 -0500
In-Reply-To: <200309121639.14573.algould@datawok.com> (Andrew L. Gould's
 message of "Fri, 12 Sep 2003 16:39:14 -0500")
Message-ID: <87fzj1bqp9.fsf@strauser.com>
Lines: 19
X-Mailer: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
cc: freebsd-questions@freebsd.org
Subject: Re: Trying to secure PostgreSQL
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Sep 2003 22:13:58 -0000

--=-=-=
Content-Transfer-Encoding: quoted-printable

At 2003-09-12T21:39:14Z, "Andrew L. Gould" <algould@datawok.com> writes:

> You're looking for something difficult when the easier answer is correct.
>
> As root, set pgsql's password by executing:
>
> passwd pgsql

What would that buy me?  After doing that, I can still access any database
on the system with:

    kirk@kanga:~$ psql -U pgsql template1
    Welcome to psql 7.3.4, the PostgreSQL interactive terminal.

without being prompted for a password.  I don't want users, even local
users, to have full run of the database as the user of their choice.
=2D-=20
Kirk Strauser

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/YkUf5sRg+Y0CpvERAqYgAJ45l949AjbafWtDhid/OsfmUuEVsgCfW4UT
/9e8U8cS/NAjV/Wran+aF60=
=x4RV
-----END PGP SIGNATURE-----
--=-=-=--