Access by 1000 users to view postgres tables without recreating accounts? 
Author Message
 Access by 1000 users to view postgres tables without recreating accounts?

Can one permit numerous users to view Postgresql tables (subject to per
table permissions, of course), yet not need to recreate password entries
for Postgresql's mostly duplication of /etc/passwd.
That is, given one already administers 1000 users,
can one keep the extra administration time for 1000 viewers
of Postgresql tables low?

It seems reasonable that any Postgresql table with access for everyone
should be readable by anyone without postgres acting as a gatekeeper
prohibiting most people even initial Postgresql access.
I do not feel it is reasonable that I should need to recreate password
information for 1000 users to satisfy Postgresql when the
/etc/passwd information of all 1000 users is already available
at the system level (even though this could be automated).

I am willing to spend effort giving permissions for people who will
create/alter Postgresql tables, but I do not feel I ought to spend
any effort accomodating system user files into Postgresql when people
will only view (read) Postgresql tables.
Yes, I could obliterate security, as I currently do, with
    host  all  0.0.0.0  0.0.0.0   trust
but this is the other unacceptable extreme.
I am left with two choices,
1. Go to enormous incessant work accomodating 1000 users.
2. Allow 1000 users to obliterate each others Postgresql tables.

Did I miss a commonly used trick to accomodate 1000 users viewing
Postgresql tables?
In most server/client arrangements as for sound or webpages,
the server's main purpose is to provide needed permissions;
but in the Postgresql daemon,
I see no lessening of needed user permissions!
The postgres daemon seems to increase access speed,
but does not seem to make user access easier
on either the administrator or the user.
Perhaps people use a second server for such situations; eg, an apache
server using a username acceptable to Postgresql (though one would hope
for some commandline access).
I have merely tried psql access.

For 2 years, I have read hundreds of pages on PostgreSQL,
including official html and postscript documents,
books like "PostgreSQL: Introduction and Concepts"  and
"Practical PostgreSQL", and email archives.
While these documents have taught me much about using PostgreSQL,
I have not gone beyond treating PostgreSQL as more than a plaything
until I can get other users to view Postgresql tables
without exhorbitant time administering users.

Any suggestions?

Probably irrelevant conditions:
   I run Debian Linux 3.0
   I run Postgresql   7.2.1
--
Jameson C. Burt, NJ9L   Fairfax, {*filter*}ia, USA

(202) 690-0380 (work)

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command



Fri, 05 Nov 2004 22:08:55 GMT
 Access by 1000 users to view postgres tables without recreating accounts?


Quote:
> Can one permit numerous users to view Postgresql tables (subject to per
> table permissions, of course), yet not need to recreate password entries
> for Postgresql's mostly duplication of /etc/passwd.

Let them all log in as a "guest" postgres user.  There is no good reason
to insist on a one-to-one correspondence of PG user identities and Unix
user identities.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command



Fri, 05 Nov 2004 23:25:48 GMT
 Access by 1000 users to view postgres tables without recreating accounts?
Can one permit numerous users to view Postgresql tables (subject to per
table permissions, of course), yet not need to recreate password entries
for Postgresql's mostly duplication of /etc/passwd.
That is, given one already administers 1000 users,
can one keep the extra administration time for 1000 viewers
of Postgresql tables low?

It seems reasonable that any Postgresql table with access for everyone
should be readable by anyone without postgres acting as a gatekeeper
prohibiting most people even initial Postgresql access.
I do not feel it is reasonable that I should need to recreate password
information for 1000 users to satisfy Postgresql when the
/etc/passwd information of all 1000 users is already available
at the system level (even though this could be automated).

I am willing to spend effort giving permissions for people who will
create/alter Postgresql tables, but I do not feel I ought to spend
any effort accomodating system user files into Postgresql when people
will only view (read) Postgresql tables.
Yes, I could obliterate security, as I currently do, with
    host  all  0.0.0.0  0.0.0.0   trust
but this is the other unacceptable extreme.
I am left with two choices,
1. Go to enormous incessant work accomodating 1000 users.
2. Allow 1000 users to obliterate each others Postgresql tables.

Did I miss a commonly used trick to accomodate 1000 users viewing
Postgresql tables?
In most server/client arrangements as for sound or webpages,
the server's main purpose is to provide needed permissions;
but in the Postgresql daemon,
I see no lessening of needed user permissions!
The postgres daemon seems to increase access speed,
but does not seem to make user access easier
on either the administrator or the user.
Perhaps people use a second server for such situations; eg, an apache
server using a username acceptable to Postgresql (though one would hope
for some commandline access).
I have merely tried psql access.

For 2 years, I have read hundreds of pages on PostgreSQL,
including official html and postscript documents,
books like "PostgreSQL: Introduction and Concepts"  and
"Practical PostgreSQL", and email archives.
While these documents have taught me much about using PostgreSQL,
I have not gone beyond treating PostgreSQL as more than a plaything
until I can get other users to view Postgresql tables
without exhorbitant time administering users.

Any suggestions?

Probably irrelevant conditions:
   I run Debian Linux 3.0
   I run Postgresql   7.2.1
--
Jameson C. Burt, NJ9L   Fairfax, {*filter*}ia, USA

(202) 690-0380 (work)

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://www.***.com/



Sat, 06 Nov 2004 08:54:09 GMT
 
 [ 3 post ] 

 Relevant Pages 

1. Changing user names without recreating accounts

2. 4000 users in a 1000 user bag.

3. Accessing another user's table without qualifying table name with the owner-name

4. modify table structure without recreate publication and distribuiton

5. Dropping Foreign Key without recreating table

6. A Varchar(1000) field vs 1000 Bit fields

7. MTS, Tuxedo, 1000 users, connections

8. 1000 concurrent users?

9. adding users without the 'sa' account

10. Oracle 8i server for 1000 users, what choice ?

11. MTS, Tuxedo, 1000 users, connections

12. Performance on returning 1000+ records from user function


 
Powered by phpBB® Forum Software