I used `sudo su postgres` and set up my database while logged in as the linux user `postgres`. After exiting to my normal shell, logged in as my non-root user, I can simply use `psql -U postgres` and then do whatever I want with any database, Postgres user, etc. Is this normal, and does it pose a security risk?
orokusaki
- What does your `pg_hba.conf` say? – Michael Hampton Dec 15 '12 at 03:41
- @MichaelHampton - Aha, thanks :) Do you think it's a good practice to modify the `all` in the `local` line to read `postgres` instead? – orokusaki Dec 15 '12 at 03:48
1 Answer
Sounds like your `pg_hba.conf` is set to `trust` for `local` connections. If you trust your local users, that's not too bad, though I don't think it's ever a great idea for production.

Make really sure that `trust` isn't set for `host` (network) connections - it's sort-of OK to allow `trust` for 127.0.0.1, but it's something I'd only actually consider doing for a test setup, never for production. You should be using `md5` password auth or a strong security mechanism like certificate auth, Kerberos, etc. for network clients.
Craig Ringer
- Excellent! Thanks, Craig - I'll use `md5`, since the server is only accessible in a private network. What would you say to my question posed above in the OP comments? – orokusaki Dec 15 '12 at 03:49
- @orokusaki It depends on whether or not you trust your local users (and the security of the host system to prevent an illicit login) -- Generally, as Craig said, I would not do this in production. – voretaq7 Dec 15 '12 at 03:54
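An added example, not code from this thread or from PostgreSQL: a small Python checker that parses a `pg_hba.conf` and ranks each `trust` rule by the distinction the answer draws between `local` (Unix-socket), loopback and real network connections. The sample file is constructed and assumes CIDR-style addresses (the separate-netmask form is not handled).

```python
"""Audit a pg_hba.conf for the weak 'trust' settings discussed in the answer."""
import ipaddress

# Constructed sample, not a real server's file: the local-trust setup from the
# question, a loopback trust line, a network trust line and two sane lines.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   trust
host    all       all   127.0.0.1/32    trust
host    all       all   10.0.0.0/8      trust
host    all       all   192.168.1.0/24  md5
hostssl all       all   0.0.0.0/0       cert
"""

def parse_pg_hba(text):
    """Return (type, database, user, address, method) tuples.

    'local' rows carry no address. Trailing auth options are ignored;
    comments and blank lines are skipped. Assumes CIDR-style addresses.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            rules.append((f[0], f[1], f[2], None, f[3]))
        else:  # host, hostssl, hostnossl, ... all carry an address field
            rules.append((f[0], f[1], f[2], f[3], f[4]))
    return rules

def is_loopback(address):
    """True if the CIDR covers only loopback addresses, or is the 'samehost' keyword."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:  # hostname or keyword such as samehost/samenet
        return address == "samehost"

def audit(text):
    """Return (severity, type, database, user, address) for every 'trust' rule:
    'high' for a network range, 'medium' for loopback, 'low' for local sockets."""
    findings = []
    for conn_type, database, user, address, method in parse_pg_hba(text):
        if method != "trust":
            continue
        if conn_type == "local":
            sev = "low"      # any OS user can become any role, as in the question
        elif is_loopback(address):
            sev = "medium"   # the answer's "sort-of OK", test-setup-only case
        else:
            sev = "high"     # trust on a real network range: never in production
        findings.append((sev, conn_type, database, user, address))
    return findings
```

Run `audit(open("/etc/postgresql/.../pg_hba.conf").read())` (path varies by distribution) and treat any `high` finding as a must-fix; `md5` or `cert` on the same line is what the answer recommends instead.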