diff options
-rw-r--r-- | doc/src/sgml/ref/initdb.sgml | 17 | ||||
-rw-r--r-- | doc/src/sgml/runtime.sgml | 23 | ||||
-rw-r--r-- | doc/src/sgml/standalone-install.xml | 9 | ||||
-rw-r--r-- | src/bin/initdb/initdb.c | 31 | ||||
-rw-r--r-- | src/include/port.h | 5 | ||||
-rw-r--r-- | src/test/regress/pg_regress.c | 2 |
6 files changed, 46 insertions, 41 deletions
diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml index 74b994b6498..da5c8f53075 100644 --- a/doc/src/sgml/ref/initdb.sgml +++ b/doc/src/sgml/ref/initdb.sgml @@ -137,23 +137,8 @@ PostgreSQL documentation </para> <para> - The default is <literal>peer</literal> for Unix-domain socket - connections on operating systems that support it, otherwise - <literal>md5</literal>, and <literal>md5</literal> for TCP/IP - connections. - </para> - - <para> - When running <command>initdb</command> on a platform that does not - support <literal>peer</literal> authentication, either a password must - be provided (see <option>-W</option> and other options) or a different - authentication method must be chosen, otherwise - <command>initdb</command> will error. - </para> - - <para> Do not use <literal>trust</literal> unless you trust all local users on your - system. + system. <literal>trust</literal> is the default for ease of installation. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 305698aa0e7..365ec75aad8 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -156,19 +156,24 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput> </para> <para> - The default client authentication setup is such that users can connect over - the Unix-domain socket to the same database user name as their operating - system user names (on operating systems that support this, which are most - modern Unix-like systems, but not Windows) and otherwise with a password. - To assign a password to the initial database superuser, use one of + However, while the directory contents are secure, the default + client authentication setup allows any local user to connect to the + database and even become the database superuser. If you do not + trust other local users, we recommend you use one of <command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option> - or <option>--pwfile</option> options.<indexterm> + or <option>--pwfile</option> options to assign a password to the + database superuser.<indexterm> <primary>password</primary> <secondary>of the superuser</secondary> </indexterm> - This configuration is secure and sufficient to get started. Later, see - <xref linkend="client-authentication"/> for more information about setting - up client authentication. + Also, specify <option>-A md5</option> or + <option>-A password</option> so that the default <literal>trust</literal> authentication + mode is not used; or modify the generated <filename>pg_hba.conf</filename> + file after running <command>initdb</command>, but + <emphasis>before</emphasis> you start the server for the first time. (Other + reasonable approaches include using <literal>peer</literal> authentication + or file system permissions to restrict connections. See <xref + linkend="client-authentication"/> for more information.) </para> <para> diff --git a/doc/src/sgml/standalone-install.xml b/doc/src/sgml/standalone-install.xml index 749a071061a..f584789f9a4 100644 --- a/doc/src/sgml/standalone-install.xml +++ b/doc/src/sgml/standalone-install.xml @@ -65,6 +65,15 @@ postgres$ <userinput>/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data</useri <step> <para> + At this point, if you did not use the <command>initdb</command> <literal>-A</literal> + option, you might want to modify <filename>pg_hba.conf</filename> to control + local access to the server before you start it. The default is to + trust all local users. + </para> + </step> + + <step> + <para> The previous <command>initdb</command> step should have told you how to start up the database server. Do so now. The command should look something like: diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 4bda023e577..04d77ad7006 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -185,6 +185,7 @@ static const char *default_timezone = NULL; "# allows any local user to connect as any PostgreSQL user, including\n" \ "# the database superuser. If you do not trust all your local users,\n" \ "# use another authentication method.\n" +static bool authwarning = false; /* * Centralized knowledge of switches to pass to backend @@ -2391,6 +2392,16 @@ usage(const char *progname) } static void +check_authmethod_unspecified(const char **authmethod) +{ + if (*authmethod == NULL) + { + authwarning = true; + *authmethod = "trust"; + } +} + +static void check_authmethod_valid(const char *authmethod, const char *const *valid_methods, const char *conntype) { const char *const *p; @@ -3237,16 +3248,8 @@ main(int argc, char *argv[]) exit(1); } - if (authmethodlocal == NULL) - { -#ifdef HAVE_AUTH_PEER - authmethodlocal = "peer"; -#else - authmethodlocal = "md5"; -#endif - } - if (authmethodhost == NULL) - authmethodhost = "md5"; + check_authmethod_unspecified(&authmethodlocal); + check_authmethod_unspecified(&authmethodhost); check_authmethod_valid(authmethodlocal, auth_methods_local, "local"); check_authmethod_valid(authmethodhost, auth_methods_host, "host"); @@ -3329,6 +3332,14 @@ main(int argc, char *argv[]) else printf(_("\nSync to disk skipped.\nThe data directory might become corrupt if the operating system crashes.\n")); + if (authwarning) + { + printf("\n"); + pg_log_warning("enabling \"trust\" authentication for local connections"); + fprintf(stderr, _("You can change this by editing pg_hba.conf or using the option -A, or\n" + "--auth-local and --auth-host, the next time you run initdb.\n")); + } + /* * Build up a shell command to tell the user how to start the server */ diff --git a/src/include/port.h b/src/include/port.h index 2536a2586c5..b5c03d912b0 100644 --- a/src/include/port.h +++ b/src/include/port.h @@ -361,11 +361,6 @@ extern int fls(int mask); extern int getpeereid(int sock, uid_t *uid, gid_t *gid); #endif -/* must match src/port/getpeereid.c */ -#if defined(HAVE_GETPEEREID) || defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) || defined(HAVE_GETPEERUCRED) -#define HAVE_AUTH_PEER 1 -#endif - #ifndef HAVE_ISINF extern int isinf(double x); #else diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c index 4e524b22ca2..117a9544eaf 100644 --- a/src/test/regress/pg_regress.c +++ b/src/test/regress/pg_regress.c @@ -2302,7 +2302,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc /* initdb */ header(_("initializing database system")); snprintf(buf, sizeof(buf), - "\"%s%sinitdb\" -D \"%s/data\" -A trust --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1", + "\"%s%sinitdb\" -D \"%s/data\" --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1", bindir ? bindir : "", bindir ? "/" : "", temp_instance, |