[Dbconfig-common-devel] Re: Best practice for allowing access to a
postgres db
sean finney
seanius at debian.org
Sun Oct 2 13:35:36 UTC 2005
On Sun, Oct 02, 2005 at 01:08:26PM +0200, Martin Pitt wrote:
> > what would be the best way to detect that, btw?
>
> Currently with "pg_lsclusters". I can add some formatting arguments to
> it if necessary, right now there is only the default output:
>
> $ pg_lsclusters
> Version Cluster Port Status Owner Data directory Log file
> 7.4 test 5433 online postgres /var/lib/postgresql/7.4/test /var/log/postgresql/postgresql-7.4-test.log
> 8.0 main 5432 online postgres /var/lib/postgresql/8.0/main /var/log/postgresql/postgresql-8.0-main.log
cool, i'll see what a little sed can do.
On Sun, Oct 02, 2005 at 01:10:04PM +0200, Martin Pitt wrote:
> > with --add, pg_test_hba would base its exit status on whether the
> > line needed to be added, and vice versa for --remove (so when a package
> > is removed, the admin could ismilarly be prompted).
>
> Hm, so that would merely invert the exit code? Why can't you just
> invert the exit code interpretation?
guess i could. or at least wrt the 0/1 part, but 2 would be the
same in either case.
> mysql only communicates over TCP? I didn't know that... Well, the nice
> thing about a Unix socket is that it makes authentication very easy.
> :-)
not exactly. if you tell mysql to connect via localhost (or 127.0.0.1),
it will force you to use a socket. kind of weird.
sean
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20051002/4b9bd6f0/attachment.pgp
More information about the Dbconfig-common-devel
mailing list