NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit09f0893

committed

initdb: Change authentication defaults

Change the defaults for the pg_hba.conf generated by initdb to "peer"for local (if supported, else "md5") and "md5" for host.(Changing from "md5" to SCRAM is left as a separate exercise.)"peer" is currently not supported on AIX, HP-UX, and Windows. Userson those operating systems will now either have to provide a passwordto initdb or choose a different authentication method when runninginitdb.Reviewed-by: Julien Rouhaud <rjuju123@gmail.com>Discussion:https://www.postgresql.org/message-id/flat/bec17f0a-ddb1-8b95-5e69-368d9d0a3390%40postgresql.org

1 parent1e6a759 commit09f0893Copy full SHA for 09f0893

File tree

6 files changed

+41

-46

lines changed

doc/src/sgml
src
- bin/initdb
  - initdb.c
- include
  - port.h
- test/regress
  - pg_regress.c

6 files changed

+41

-46

lines changed

`‎doc/src/sgml/ref/initdb.sgml`

Lines changed: 16 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -136,9 +136,24 @@ PostgreSQL documentation`
`136`	`136`	`replication connections.`
`137`	`137`	`</para>`
`138`	`138`
	`139`	`+ <para>`
	`140`	`+ The default is <literal>peer</literal> for Unix-domain socket`
	`141`	`+ connections on operating systems that support it, otherwise`
	`142`	`+ <literal>md5</literal>, and <literal>md5</literal> for TCP/IP`
	`143`	`+ connections.`
	`144`	`+ </para>`
	`145`	`+`
	`146`	`+ <para>`
	`147`	`+ When running <command>initdb</command> on a platform that does not`
	`148`	`+ support <literal>peer</literal> authentication, either a password must`
	`149`	`+ be provided (see <option>-W</option> and other options) or a different`
	`150`	`+ authentication method must be chosen, otherwise`
	`151`	`+ <command>initdb</command> will error.`
	`152`	`+ </para>`
	`153`	`+`
`139`	`154`	`<para>`
`140`	`155`	`Do not use <literal>trust</literal> unless you trust all local users on your`
`141`		`- system. <literal>trust</literal> is the default for ease of installation.`
	`156`	`+ system.`
`142`	`157`	`</para>`
`143`	`158`	`</listitem>`
`144`	`159`	`</varlistentry>`

`‎doc/src/sgml/runtime.sgml`

Lines changed: 9 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -156,24 +156,19 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>`
`156`	`156`	`</para>`
`157`	`157`
`158`	`158`	`<para>`
`159`		`- However, while the directory contents are secure, the default`
`160`		`- client authentication setup allows any local user to connect to the`
`161`		`- database and even become the database superuser. If you do not`
`162`		`- trust other local users, we recommend you use one of`
	`159`	`+ The default client authentication setup is such that users can connect over`
	`160`	`+ the Unix-domain socket to the same database user name as their operating`
	`161`	`+ system user names (on operating systems that support this, which are most`
	`162`	`+ modern Unix-like systems, but not Windows) and otherwise with a password.`
	`163`	`+ To assign a password to the initial database superuser, use one of`
`163`	`164`	`<command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option>`
`164`		`- or <option>--pwfile</option> options to assign a password to the`
`165`		`- database superuser.<indexterm>`
	`165`	`+ or <option>--pwfile</option> options.<indexterm>`
`166`	`166`	`<primary>password</primary>`
`167`	`167`	`<secondary>of the superuser</secondary>`
`168`	`168`	`</indexterm>`
`169`		`- Also, specify <option>-A md5</option> or`
`170`		`- <option>-A password</option> so that the default <literal>trust</literal> authentication`
`171`		`- mode is not used; or modify the generated <filename>pg_hba.conf</filename>`
`172`		`- file after running <command>initdb</command>, but`
`173`		`- <emphasis>before</emphasis> you start the server for the first time. (Other`
`174`		`- reasonable approaches include using <literal>peer</literal> authentication`
`175`		`- or file system permissions to restrict connections. See <xref`
`176`		`- linkend="client-authentication"/> for more information.)`
	`169`	`+ This configuration is secure and sufficient to get started. Later, see`
	`170`	`+ <xref linkend="client-authentication"/> for more information about setting`
	`171`	`+ up client authentication.`
`177`	`172`	`</para>`
`178`	`173`
`179`	`174`	`<para>`

`‎doc/src/sgml/standalone-install.xml`

Lines changed: 0 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -63,15 +63,6 @@ postgres$ <userinput>/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data</useri`
`63`	`63`	`</para>`
`64`	`64`	`</step>`
`65`	`65`
`66`		`- <step>`
`67`		`- <para>`
`68`		`- At this point, if you did not use the <command>initdb</command> <literal>-A</literal>`
`69`		`- option, you might want to modify <filename>pg_hba.conf</filename> to control`
`70`		`- local access to the server before you start it. The default is to`
`71`		`- trust all local users.`
`72`		`- </para>`
`73`		`- </step>`
`74`		`-`
`75`	`66`	`<step>`
`76`	`67`	`<para>`
`77`	`68`	`The previous <command>initdb</command> step should have told you how to`

`‎src/bin/initdb/initdb.c`

Lines changed: 10 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,6 @@ static const char *default_timezone = NULL;`
`185`	`185`	`"# allows any local user to connect as any PostgreSQL user, including\n" \`
`186`	`186`	`"# the database superuser. If you do not trust all your local users,\n" \`
`187`	`187`	`"# use another authentication method.\n"`
`188`		`-staticboolauthwarning= false;`
`189`	`188`
`190`	`189`	`/*`
`191`	`190`	`* Centralized knowledge of switches to pass to backend`
`@@ -2391,16 +2390,6 @@ usage(const char *progname)`
`2391`	`2390`	`printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));`
`2392`	`2391`	`}`
`2393`	`2392`
`2394`		`-staticvoid`
`2395`		`-check_authmethod_unspecified(constchar**authmethod)`
`2396`		`-{`
`2397`		`-if (*authmethod==NULL)`
`2398`		`-{`
`2399`		`-authwarning= true;`
`2400`		`-*authmethod="trust";`
`2401`		`-}`
`2402`		`-}`
`2403`		`-`
`2404`	`2393`	`staticvoid`
`2405`	`2394`	`check_authmethod_valid(constcharauthmethod,constcharconstvalid_methods,constcharconntype)`
`2406`	`2395`	`{`
`@@ -3248,8 +3237,16 @@ main(int argc, char *argv[])`
`3248`	`3237`	`exit(1);`
`3249`	`3238`	`}`
`3250`	`3239`
`3251`		`-check_authmethod_unspecified(&authmethodlocal);`
`3252`		`-check_authmethod_unspecified(&authmethodhost);`
	`3240`	`+if (authmethodlocal==NULL)`
	`3241`	`+{`
	`3242`	`+#ifdefHAVE_AUTH_PEER`
	`3243`	`+authmethodlocal="peer";`
	`3244`	`+#else`
	`3245`	`+authmethodlocal="md5";`
	`3246`	`+#endif`
	`3247`	`+}`
	`3248`	`+if (authmethodhost==NULL)`
	`3249`	`+authmethodhost="md5";`
`3253`	`3250`
`3254`	`3251`	`check_authmethod_valid(authmethodlocal,auth_methods_local,"local");`
`3255`	`3252`	`check_authmethod_valid(authmethodhost,auth_methods_host,"host");`
`@@ -3332,14 +3329,6 @@ main(int argc, char *argv[])`
`3332`	`3329`	`else`
`3333`	`3330`	`printf(_("\nSync to disk skipped.\nThe data directory might become corrupt if the operating system crashes.\n"));`
`3334`	`3331`
`3335`		`-if (authwarning)`
`3336`		`-{`
`3337`		`-printf("\n");`
`3338`		`-pg_log_warning("enabling \"trust\" authentication for local connections");`
`3339`		`-fprintf(stderr,_("You can change this by editing pg_hba.conf or using the option -A, or\n"`
`3340`		`-"--auth-local and --auth-host, the next time you run initdb.\n"));`
`3341`		`-}`
`3342`		`-`
`3343`	`3332`	`/*`
`3344`	`3333`	`* Build up a shell command to tell the user how to start the server`
`3345`	`3334`	`*/`

`‎src/include/port.h`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -361,6 +361,11 @@ extern intfls(int mask);`
`361`	`361`	`externintgetpeereid(intsock,uid_tuid,gid_tgid);`
`362`	`362`	`#endif`
`363`	`363`
	`364`	`+/* must match src/port/getpeereid.c */`
	`365`	`+#if defined(HAVE_GETPEEREID)\|\| defined(SO_PEERCRED)\|\| defined(LOCAL_PEERCRED)\|\| defined(HAVE_GETPEERUCRED)`
	`366`	`+#defineHAVE_AUTH_PEER 1`
	`367`	`+#endif`
	`368`	`+`
`364`	`369`	`#ifndefHAVE_ISINF`
`365`	`370`	`externintisinf(doublex);`
`366`	`371`	`#else`

`‎src/test/regress/pg_regress.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2302,7 +2302,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc`
`2302`	`2302`	`/* initdb */`
`2303`	`2303`	`header(_("initializing database system"));`
`2304`	`2304`	`snprintf(buf,sizeof(buf),`
`2305`		`-"\"%s%sinitdb\" -D \"%s/data\" --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",`
	`2305`	`+"\"%s%sinitdb\" -D \"%s/data\" -A trust --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",`
`2306`	`2306`	`bindir ?bindir :"",`
`2307`	`2307`	`bindir ?"/" :"",`
`2308`	`2308`	`temp_instance,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit09f0893

File tree

6 files changed

6 files changed

`‎doc/src/sgml/ref/initdb.sgml`

`‎doc/src/sgml/runtime.sgml`

`‎doc/src/sgml/standalone-install.xml`

`‎src/bin/initdb/initdb.c`

`‎src/include/port.h`

`‎src/test/regress/pg_regress.c`

0 commit comments