Java Reference
In-Depth Information
-bash-2.05b$ createuser mschwarz
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) y
CREATE USER
-bash-2.05b$
Here, we created the PostgreSQL user
mschwarz
and gave him the ability
to create databases and new users.
14.9.3
Now that our username,
mschwarz
, has been created and is authorized to create
databases, we use the
createdb
command to create our database:
Creating Our Database
[mschwarz@cassidy mschwarz]$ createdb budgetPro
CREATE DATABASE
Notice that we did this as the Linux user
mschwarz
, so the
createdb
command used that username when it created the
budgetPro
database. What
would have happened if we had used a Linux user that did not have a matching
PostgreSQL user? Let's see:
[albing@cassidy albing]$ createdb budgetPro
createdb: could not connect to database template1: \
FATAL: user "albing" does not exist
WARNING
Note that we have not implemented any security yet. The user
mschwarz
ex-
ists, but it does not have a password. Depending on how PostgreSQL security
is configured, it may be possible for any user to use the
-U
option with the
PostgreSQL command-line utilities to impersonate
mschwarz
. As packaged
for Fedora Core 2, PostgreSQL uses
ident
to check authentication, so when
albing
attempts this, he gets this error:
[albing@cassidy albing]$ createdb -U mschwarz budgetPro
createdb: could not connect to database template1: \
FATAL: IDENT authentication failed for user "mschwarz"
Just remember that this behavior is dependent on the local configuration
of PostgreSQL. You cannot assume this security is in place just because you
are in a PostgreSQL environment. Always be aware of the security configuration
of your production environment!
