Thom,
You appear to be trusting all connections what I think you want is the
following:
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
host all all ::1/128 ident sameuser
Remember that you need to get postgres to reread the file after
changing it by using pg_ctl reload or kill -HUP {pid}
Andy Bailey
On Thu, Oct 15, 2009 at 5:38 AM, Thom Brown <thombrown@gmail.com> wrote:
> I've noticed that if I just log in to my server, I don't su to root,
> or become the postgres user, I can get straight into the database as
> the postgres user merely with "psql -U postgres -h localhost". My
> user account isn't a member of the postgres group.
>
> It appears I've not applied my security settings correctly. What can
> I do to prevent access this way? I'd still want to be able to su to
> the postgres user and log in that way, but not with the -U parameter
> allowing access.
>
> The pg_hba.conf is probably relevant here, so this is the setup:
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>
> # "local" is for Unix domain socket connections only
> local all all trust
> # IPv4 local connections:
> host all all 127.0.0.1/32 trust
> # IPv6 local connections:
> host all all ::1/128 trust
>
> Thanks
>
> Thom Brown
> Crawley, UK
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
--
Andrew Bailey
(312) 866 9556
NOTA DE CONFIDENCIALIDAD Y DE NO DIVULGACIÓN:
La información contenida en este E-mail y sus archivos adjuntos es
confidencial y sólo puede ser utilizada por el individuo
o la empresa a la cual está dirigido. Si no es el receptor autorizado,
cualquier retención, difusión,
distribución o copia de este mensaje queda prohibida y sancionada por
la ley. Si por error recibe este
mensaje, favor devolverlo y borrarlo inmediatamente.