database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00
Code Activity

Clean up markup for first useful version.

Browse Source
This commit is contained in:
Thomas G. Lockhart
1999-05-04 02:43:55 +00:00
parent 807ad858e2
commit 2289009722
1 changed files with 273 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
doc/src/sgml/security.sgml
View File

@ -2,6 +2,50 @@
<Title>Security</Title> <Title>Security</Title>
<Para> <Para>
Database security is addressed at several levels:
<itemizedlist>
<listitem>
<para>
Data base file protection. All files stored within the database
are protected from reading by any account other than the
<productname>Postgres</productname> superuser account.
</para>
</listitem>
<listitem>
<para>
Connections from a client to the database server are, by
default, allowed only via a local Unix socket, not via TCP/IP
sockets. The backend must be started with the
<literal>-i</literal> option to allow non-local clients to connect.
</para>
</listitem>
<listitem>
<para>
Client connections can be restricted by IP address and/or user
name via the <filename>pg_hba.conf</filename> file in <envar>PG_DATA</envar>.
</para>
</listitem>
<listitem>
<para>
Client connections may be authenticated vi other external packages.
</para>
</listitem>
<listitem>
<para>
Each user in <productname>Postgres</productname> is assigned a
username and (optionally) a password. By default, users do not
have write access to databases they did not create.
</para>
</listitem>
<listitem>
<para>
Users may be assigned to <firstterm>groups</firstterm>, and
table access may be restricted based on group privileges.
</para>
</listitem>
</itemizedlist>
</para>
<Sect1> <Sect1>
<Title>User Authentication</Title> <Title>User Authentication</Title>
@ -31,6 +75,9 @@ to the user-id of user <replaceable>postgres</replaceable>.
The effective user-id is used The effective user-id is used
as the basis for access control checks. No other authentication is as the basis for access control checks. No other authentication is
conducted. conducted.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
@ -50,9 +97,72 @@ systems available. Of course, host-based authentication is not fool-proof in
Unix, either. It is possible for determined intruders to also Unix, either. It is possible for determined intruders to also
masquerade the origination host. Those security issues are beyond the masquerade the origination host. Those security issues are beyond the
scope of <Productname>Postgres</Productname>. scope of <Productname>Postgres</Productname>.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</para>
</sect1>
<sect1>
<title>User Names and Groups</title>
<para>
To define a new user, run the
<application>createuser</application> utility program.
</para>
<para>
To assign a user or set of users to a new group, one must
define the group itself, and assign users to that group. In
<application>Postgres</application> these steps are not currently
supported with a <command>create group</command> command. Instead,
the groups are defined by inserting appropriate values into the
<literal>pg_group</literal> system table, and then using the
<command>grant</command> command to assign privileges to the
group.
</para>
<sect2>
<title>Creating Users</title>
<para>
</para>
</sect2>
<sect2>
<title>Creating Groups</title>
<para>
Currently, there is no easy interface to set up user groups. You
have to explicitly insert/update the <literal>pg_group table</literal>.
For example:
jolly=> insert into pg_group (groname, grosysid, grolist)
jolly=> values ('posthackers', '1234', '{5443, 8261}');
INSERT 548224
jolly=> grant insert on foo to group posthackers;
CHANGE
jolly=>
The fields in pg_group are:
* groname: the group name. This a name and should be purely
alphanumeric. Do not include underscores or other punctuation.
* grosysid: the group id. This is an int4. This should be unique for
each group.
* grolist: the list of pg_user id's that belong in the group. This
is an int4[].
</para>
</sect2>
<sect2>
<title>Assigning Users to Groups</title>
<para>
</para>
</sect2>
</sect1>
<Sect1> <Sect1>
<Title>Access Control</Title> <Title>Access Control</Title>
@ -83,6 +193,9 @@ Access Privilege
The use of access privilege to limit reading, writing and setting The use of access privilege to limit reading, writing and setting
of rules on classes is covered in of rules on classes is covered in
<citetitle>grant/revoke(l)</citetitle>. <citetitle>grant/revoke(l)</citetitle>.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
@ -98,8 +211,12 @@ and
only operate for the owner of the class. As mentioned above, these only operate for the owner of the class. As mentioned above, these
operations are <emphasis>never</emphasis> operations are <emphasis>never</emphasis>
permitted on system catalogs. permitted on system catalogs.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</para>
</sect1>
<Sect1> <Sect1>
<Title>Functions and Rules</Title> <Title>Functions and Rules</Title>
@ -113,6 +230,7 @@ control over who can define functions (e.g., write to relations with
SQL fields) and rules. Audit trails and alerters on SQL fields) and rules. Audit trails and alerters on
<literal>pg_class</literal>, <literal>pg_user</literal> <literal>pg_class</literal>, <literal>pg_user</literal>
and <literal>pg_group</literal> are also recommended. and <literal>pg_group</literal> are also recommended.
</para>
<Sect2> <Sect2>
<Title>Functions</Title> <Title>Functions</Title>
@ -126,6 +244,8 @@ backend server runs with its real and effective user-id set to
internal data structures from inside of trusted functions. Hence, internal data structures from inside of trusted functions. Hence,
among many other things, such functions can circumvent any system among many other things, such functions can circumvent any system
access controls. This is an inherent problem with user-defined C functions. access controls. This is an inherent problem with user-defined C functions.
</para>
</sect2>
<Sect2> <Sect2>
<Title>Rules</Title> <Title>Rules</Title>
@ -133,11 +253,11 @@ access controls. This is an inherent problem with user-defined C functions.
<Para> <Para>
Like SQL functions, rules always run with the identity and Like SQL functions, rules always run with the identity and
permissions of the user who invoked the backend server. permissions of the user who invoked the backend server.
</para>
</sect2>
<sect2> <sect2>
<title> <title>Caveats</title>
Caveats
</title>
<para> <para>
There are no plans to explicitly support encrypted data inside of There are no plans to explicitly support encrypted data inside of
@ -146,10 +266,30 @@ There are no plans to explicitly support encrypted data inside of
data within user-defined functions). There are no plans to explicitly data within user-defined functions). There are no plans to explicitly
support encrypted network connections, either, pending a total rewrite support encrypted network connections, either, pending a total rewrite
of the frontend/backend protocol. of the frontend/backend protocol.
</para>
<para> <para>
User names, group names and associated system identifiers (e.g., the User names, group names and associated system identifiers (e.g., the
contents of <literal>pg_user.usesysid</literal>) are assumed to be unique contents of <literal>pg_user.usesysid</literal>) are assumed to be unique
throughout a database. Unpredictable results may occur if they are throughout a database. Unpredictable results may occur if they are
not. not.
</para>
</sect2>
</sect1>
</chapter> </chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"./reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/CATALOG"
sgml-local-ecat-files:nil
End:
-->