From: Joseph
To: gentoo-user@lists.gentoo.org
Date: Tue, 23 Apr 2013 09:47:43 -0600
Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
Message-ID: <20130423154742.GC19375@syscon7.inet>

On 04/23/13 15:57, J. Roeleveld wrote:
>On Tue, April 23, 2013 14:37, Joseph wrote:
>> On 04/23/13 10:07, J. Roeleveld wrote:
>>>On Tue, April 23, 2013 02:17, Joseph wrote:
>>>> In my "pg_hba.conf" I have:
>>>>
>>>> local all all trust
>>>> host all all 127.0.0.1/32 trust
>>>>
>>>> I was under impression that this is configuration is for localhost
>>>> "127.0.0.1" access only.
>>>> But to my surprise I can access my database from other machine on my
>>>> network and even from another sub-network that I'm connected to via VPN
>>>>
>>>> How this authentication/access work?
>>>
>>>Normally that should be sufficient.
>>>On which machine does the client-software run?
>>>
>>>--
>>>Joost Roeleveld
>>
>> postgresql server runs on my machine but all other machines on the network
>> including the one on remote location that I'm connected to via VPN can
>> connect to postgresql
>> database.
>> I don't want other machine to have access to my server database.
>>
>> Even with a single line in pg_hba.conf
>> local all all trust
>>
>> all other machine on the network can connect to my postgresql database.
>
>If the PostgreSQL database is running on machine X.
>And you are using machine Y.
>
>What command do you type to connect on machine Y?
>
>--
>Joost

I'm using SQL-Ledger (firefox) to access the postgresql.

Brief history:
I had a problem in the past when I upgraded to postgresql-9.1, all of a sudden I could not access the sql-ledger.
The solution was to add "postgres group" to apache user. The reason for it was the change in directory permission:

postgresql 8.x
drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/

postgresql 9.x
drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/

So:
groups apache
apache postgres

groups postgres
postgres

I hope this is correct as adding group "apache" to postgres user does not work.

But I just realized that any user from local network can access my sql-ledger using browser.

--
Joseph
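
An added example, not part of the original message: a simplified model of pg_hba.conf first-match evaluation applied to the two records quoted above, showing why a remote browser still reaches the database. It assumes SQL-Ledger runs under Apache on the database host and connects through the Unix socket in /var/run/postgresql/, as the group change described in the message suggests; the database name, role name and browser address are constructed.

```python
import ipaddress

# The two records quoted in the message above.
PG_HBA = """\
local   all   all                 trust
host    all   all   127.0.0.1/32  trust
"""

def parse_hba(text):
    """Parse 'local' and 'host' records with CIDR addresses (simplified subset)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            rules.append(("local", fields[1], fields[2], None, fields[3]))
        elif fields[0] == "host" and len(fields) >= 5:
            net = ipaddress.ip_network(fields[3], strict=False)
            rules.append(("host", fields[1], fields[2], net, fields[4]))
    return rules

def _name_ok(field, name):
    # 'all' or a comma-separated list of names; other keywords are not modelled.
    return field == "all" or name in field.split(",")

def match(rules, conn_type, database, user, client_ip=None):
    """Auth method of the first matching record; None means the connection is refused."""
    for rtype, dbs, users, net, method in rules:
        if rtype != conn_type or not _name_ok(dbs, database) or not _name_ok(users, user):
            continue
        if rtype == "host" and ipaddress.ip_address(client_ip) not in net:
            continue
        return method
    return None

def via_web_app(rules, browser_ip, database, db_user):
    """The web app opens the Unix socket itself, so PostgreSQL sees a 'local'
    connection; browser_ip never reaches pg_hba.conf matching."""
    return match(rules, "local", database, db_user)

RULES = parse_hba(PG_HBA)
BROWSER = "192.168.1.50"   # constructed LAN client address
DB, ROLE = "ledger", "sql-ledger"   # hypothetical database and role names

if __name__ == "__main__":
    print("direct TCP from LAN host:", match(RULES, "host", DB, ROLE, BROWSER))
    print("direct TCP from loopback:", match(RULES, "host", DB, ROLE, "127.0.0.1"))
    print("browser -> Apache -> socket:", via_web_app(RULES, BROWSER, DB, ROLE))
```

Under these assumptions pg_hba.conf is doing what was configured; limiting who can use SQL-Ledger has to happen at the web server or firewall, since every request arrives at PostgreSQL as a local socket connection.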