aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/src/sgml/ref/initdb.sgml17
-rw-r--r--doc/src/sgml/runtime.sgml23
-rw-r--r--doc/src/sgml/standalone-install.xml9
-rw-r--r--src/bin/initdb/initdb.c31
-rw-r--r--src/include/port.h5
-rw-r--r--src/test/regress/pg_regress.c2
6 files changed, 46 insertions, 41 deletions
diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml
index 74b994b6498..da5c8f53075 100644
--- a/doc/src/sgml/ref/initdb.sgml
+++ b/doc/src/sgml/ref/initdb.sgml
@@ -137,23 +137,8 @@ PostgreSQL documentation
</para>
<para>
- The default is <literal>peer</literal> for Unix-domain socket
- connections on operating systems that support it, otherwise
- <literal>md5</literal>, and <literal>md5</literal> for TCP/IP
- connections.
- </para>
-
- <para>
- When running <command>initdb</command> on a platform that does not
- support <literal>peer</literal> authentication, either a password must
- be provided (see <option>-W</option> and other options) or a different
- authentication method must be chosen, otherwise
- <command>initdb</command> will error.
- </para>
-
- <para>
Do not use <literal>trust</literal> unless you trust all local users on your
- system.
+ system. <literal>trust</literal> is the default for ease of installation.
</para>
</listitem>
</varlistentry>
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 305698aa0e7..365ec75aad8 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -156,19 +156,24 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
</para>
<para>
- The default client authentication setup is such that users can connect over
- the Unix-domain socket to the same database user name as their operating
- system user names (on operating systems that support this, which are most
- modern Unix-like systems, but not Windows) and otherwise with a password.
- To assign a password to the initial database superuser, use one of
+ However, while the directory contents are secure, the default
+ client authentication setup allows any local user to connect to the
+ database and even become the database superuser. If you do not
+ trust other local users, we recommend you use one of
<command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option>
- or <option>--pwfile</option> options.<indexterm>
+ or <option>--pwfile</option> options to assign a password to the
+ database superuser.<indexterm>
<primary>password</primary>
<secondary>of the superuser</secondary>
</indexterm>
- This configuration is secure and sufficient to get started. Later, see
- <xref linkend="client-authentication"/> for more information about setting
- up client authentication.
+ Also, specify <option>-A md5</option> or
+ <option>-A password</option> so that the default <literal>trust</literal> authentication
+ mode is not used; or modify the generated <filename>pg_hba.conf</filename>
+ file after running <command>initdb</command>, but
+ <emphasis>before</emphasis> you start the server for the first time. (Other
+ reasonable approaches include using <literal>peer</literal> authentication
+ or file system permissions to restrict connections. See <xref
+ linkend="client-authentication"/> for more information.)
</para>
<para>
diff --git a/doc/src/sgml/standalone-install.xml b/doc/src/sgml/standalone-install.xml
index 749a071061a..f584789f9a4 100644
--- a/doc/src/sgml/standalone-install.xml
+++ b/doc/src/sgml/standalone-install.xml
@@ -65,6 +65,15 @@ postgres$ <userinput>/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data</useri
<step>
<para>
+ At this point, if you did not use the <command>initdb</command> <literal>-A</literal>
+ option, you might want to modify <filename>pg_hba.conf</filename> to control
+ local access to the server before you start it. The default is to
+ trust all local users.
+ </para>
+ </step>
+
+ <step>
+ <para>
The previous <command>initdb</command> step should have told you how to
start up the database server. Do so now. The command should look
something like:
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index 4bda023e577..04d77ad7006 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -185,6 +185,7 @@ static const char *default_timezone = NULL;
"# allows any local user to connect as any PostgreSQL user, including\n" \
"# the database superuser. If you do not trust all your local users,\n" \
"# use another authentication method.\n"
+static bool authwarning = false;
/*
* Centralized knowledge of switches to pass to backend
@@ -2391,6 +2392,16 @@ usage(const char *progname)
}
static void
+check_authmethod_unspecified(const char **authmethod)
+{
+ if (*authmethod == NULL)
+ {
+ authwarning = true;
+ *authmethod = "trust";
+ }
+}
+
+static void
check_authmethod_valid(const char *authmethod, const char *const *valid_methods, const char *conntype)
{
const char *const *p;
@@ -3237,16 +3248,8 @@ main(int argc, char *argv[])
exit(1);
}
- if (authmethodlocal == NULL)
- {
-#ifdef HAVE_AUTH_PEER
- authmethodlocal = "peer";
-#else
- authmethodlocal = "md5";
-#endif
- }
- if (authmethodhost == NULL)
- authmethodhost = "md5";
+ check_authmethod_unspecified(&authmethodlocal);
+ check_authmethod_unspecified(&authmethodhost);
check_authmethod_valid(authmethodlocal, auth_methods_local, "local");
check_authmethod_valid(authmethodhost, auth_methods_host, "host");
@@ -3329,6 +3332,14 @@ main(int argc, char *argv[])
else
printf(_("\nSync to disk skipped.\nThe data directory might become corrupt if the operating system crashes.\n"));
+ if (authwarning)
+ {
+ printf("\n");
+ pg_log_warning("enabling \"trust\" authentication for local connections");
+ fprintf(stderr, _("You can change this by editing pg_hba.conf or using the option -A, or\n"
+ "--auth-local and --auth-host, the next time you run initdb.\n"));
+ }
+
/*
* Build up a shell command to tell the user how to start the server
*/
diff --git a/src/include/port.h b/src/include/port.h
index 2536a2586c5..b5c03d912b0 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -361,11 +361,6 @@ extern int fls(int mask);
extern int getpeereid(int sock, uid_t *uid, gid_t *gid);
#endif
-/* must match src/port/getpeereid.c */
-#if defined(HAVE_GETPEEREID) || defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) || defined(HAVE_GETPEERUCRED)
-#define HAVE_AUTH_PEER 1
-#endif
-
#ifndef HAVE_ISINF
extern int isinf(double x);
#else
diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
index 4e524b22ca2..117a9544eaf 100644
--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -2302,7 +2302,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
/* initdb */
header(_("initializing database system"));
snprintf(buf, sizeof(buf),
- "\"%s%sinitdb\" -D \"%s/data\" -A trust --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
+ "\"%s%sinitdb\" -D \"%s/data\" --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
bindir ? bindir : "",
bindir ? "/" : "",
temp_instance,