
Commit 09f0893

initdb: Change authentication defaults

Change the defaults for the pg_hba.conf generated by initdb to "peer" for local (if supported, else "md5") and "md5" for host.

(Changing from "md5" to SCRAM is left as a separate exercise.)

"peer" is currently not supported on AIX, HP-UX, and Windows. Users on those operating systems will now either have to provide a password to initdb or choose a different authentication method when running initdb.

Reviewed-by: Julien Rouhaud <rjuju123@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/bec17f0a-ddb1-8b95-5e69-368d9d0a3390%40postgresql.org

1 parent 1e6a759 commit 09f0893

6 files changed

+41
-46
lines changed


doc/src/sgml/ref/initdb.sgml

+16-1
Original file line numberDiff line numberDiff line change
@@ -136,9 +136,24 @@ PostgreSQL documentation
136136
replication connections.
137137
</para>
138138

139+
<para>
140+
The default is <literal>peer</literal> for Unix-domain socket
141+
connections on operating systems that support it, otherwise
142+
<literal>md5</literal>, and <literal>md5</literal> for TCP/IP
143+
connections.
144+
</para>
145+
146+
<para>
147+
When running <command>initdb</command> on a platform that does not
148+
support <literal>peer</literal> authentication, either a password must
149+
be provided (see <option>-W</option> and other options) or a different
150+
authentication method must be chosen, otherwise
151+
<command>initdb</command> will error.
152+
</para>
153+
139154
<para>
140155
Do not use <literal>trust</literal> unless you trust all local users on your
141-
system. <literal>trust</literal> is the default for ease of installation.
156+
system.
142157
</para>
143158
</listitem>
144159
</varlistentry>
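
Review bot: The paragraph added at new lines 146-152 never names the platforms that lack peer support, although the commit message lists AIX, HP-UX and Windows; a reader on one of those systems only finds out when initdb errors. Suggest naming them here, and replacing "(see -W and other options)" with the explicit options --pwprompt and --pwfile, as the runtime.sgml text in this same commit does. "otherwise initdb will error" would also read better as "otherwise initdb will fail with an error".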

doc/src/sgml/runtime.sgml

+9-14
Original file line numberDiff line numberDiff line change
@@ -156,24 +156,19 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
156156
</para>
157157

158158
<para>
159-
However, while the directory contents are secure, the default
160-
client authentication setup allows any local user to connect to the
161-
database and even become the database superuser. If you do not
162-
trust other local users, we recommend you use one of
159+
The default client authentication setup is such that users can connect over
160+
the Unix-domain socket to the same database user name as their operating
161+
system user names (on operating systems that support this, which are most
162+
modern Unix-like systems, but not Windows) and otherwise with a password.
163+
To assign a password to the initial database superuser, use one of
163164
<command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option>
164-
or <option>--pwfile</option> options to assign a password to the
165-
database superuser.<indexterm>
165+
or <option>--pwfile</option> options.<indexterm>
166166
<primary>password</primary>
167167
<secondary>of the superuser</secondary>
168168
</indexterm>
169-
Also, specify <option>-A md5</option> or
170-
<option>-A password</option> so that the default <literal>trust</literal> authentication
171-
mode is not used; or modify the generated <filename>pg_hba.conf</filename>
172-
file after running <command>initdb</command>, but
173-
<emphasis>before</emphasis> you start the server for the first time. (Other
174-
reasonable approaches include using <literal>peer</literal> authentication
175-
or file system permissions to restrict connections. See <xref
176-
linkend="client-authentication"/> for more information.)
169+
This configuration is secure and sufficient to get started. Later, see
170+
<xref linkend="client-authentication"/> for more information about setting
171+
up client authentication.
177172
</para>
178173

179174
<para>
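
Review bot: "This configuration is secure and sufficient to get started" at new line 169 is stated without qualification, while the commit message itself treats md5 as something still to be replaced by SCRAM. The hunk also drops the advice to edit pg_hba.conf before the first server start, which still applies to anyone who runs initdb with -A trust. Suggest softening the sentence and keeping one line that says trust lets any local user connect as any database user, including the superuser.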

doc/src/sgml/standalone-install.xml

-9
Original file line numberDiff line numberDiff line change
@@ -63,15 +63,6 @@ postgres$ <userinput>/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data</useri
6363
</para>
6464
</step>
6565

66-
<step>
67-
<para>
68-
At this point, if you did not use the <command>initdb</command> <literal>-A</literal>
69-
option, you might want to modify <filename>pg_hba.conf</filename> to control
70-
local access to the server before you start it. The default is to
71-
trust all local users.
72-
</para>
73-
</step>
74-
7566
<step>
7667
<para>
7768
The previous <command>initdb</command> step should have told you how to
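
Review bot: Removing the step at old lines 66-73 is consistent with the new defaults, but the command in the preceding step, initdb -D /usr/local/pgsql/data, passes neither a password option nor -A. Per the initdb.sgml text added in this commit, that invocation errors on platforms without peer support. Suggest a short note in place of the removed step that points those users to -W or -A.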

src/bin/initdb/initdb.c

+10-21
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,6 @@ static const char *default_timezone = NULL;
185185
"# allows any local user to connect as any PostgreSQL user, including\n" \
186186
"# the database superuser. If you do not trust all your local users,\n" \
187187
"# use another authentication method.\n"
188-
static bool authwarning = false;
189188

190189
/*
191190
* Centralized knowledge of switches to pass to backend
@@ -2391,16 +2390,6 @@ usage(const char *progname)
23912390
printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));
23922391
}
23932392

2394-
static void
2395-
check_authmethod_unspecified(const char **authmethod)
2396-
{
2397-
if (*authmethod == NULL)
2398-
{
2399-
authwarning = true;
2400-
*authmethod = "trust";
2401-
}
2402-
}
2403-
24042393
static void
24052394
check_authmethod_valid(const char *authmethod, const char *const *valid_methods, const char *conntype)
24062395
{
@@ -3248,8 +3237,16 @@ main(int argc, char *argv[])
32483237
exit(1);
32493238
}
32503239

3251-
check_authmethod_unspecified(&authmethodlocal);
3252-
check_authmethod_unspecified(&authmethodhost);
3240+
if (authmethodlocal == NULL)
3241+
{
3242+
#ifdef HAVE_AUTH_PEER
3243+
authmethodlocal = "peer";
3244+
#else
3245+
authmethodlocal = "md5";
3246+
#endif
3247+
}
3248+
if (authmethodhost == NULL)
3249+
authmethodhost = "md5";
32533250

32543251
check_authmethod_valid(authmethodlocal, auth_methods_local, "local");
32553252
check_authmethod_valid(authmethodhost, auth_methods_host, "host");
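
Review bot: The block at new lines 3240-3249 has no comment explaining why the local default depends on HAVE_AUTH_PEER, and the "md5" literal appears twice. Since the commit message leaves the move to SCRAM for later, a single named constant for the password-based default would let that follow-up touch one place. A one-line comment that the md5 fallback requires a superuser password, as the documentation now states, would also help the next reader.
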
@@ -3332,14 +3329,6 @@ main(int argc, char *argv[])
33323329
else
33333330
printf(_("\nSync to disk skipped.\nThe data directory might become corrupt if the operating system crashes.\n"));
33343331

3335-
if (authwarning)
3336-
{
3337-
printf("\n");
3338-
pg_log_warning("enabling \"trust\" authentication for local connections");
3339-
fprintf(stderr, _("You can change this by editing pg_hba.conf or using the option -A, or\n"
3340-
"--auth-local and --auth-host, the next time you run initdb.\n"));
3341-
}
3342-
33433332
/*
33443333
* Build up a shell command to tell the user how to start the server
33453334
*/
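
Review bot: With the warning at old lines 3335-3341 removed, nothing in this hunk tells the operator which methods ended up in pg_hba.conf, and the local default now differs by platform. Suggest an informational line after the sync message that reports the chosen authmethodlocal and authmethodhost, so that the effective methods, including an explicit -A trust, are visible in the initdb output and in captured logs.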

src/include/port.h

+5
Original file line numberDiff line numberDiff line change
@@ -361,6 +361,11 @@ extern int fls(int mask);
361361
extern int getpeereid(int sock, uid_t *uid, gid_t *gid);
362362
#endif
363363

364+
/* must match src/port/getpeereid.c */
365+
#if defined(HAVE_GETPEEREID) || defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) || defined(HAVE_GETPEERUCRED)
366+
#define HAVE_AUTH_PEER 1
367+
#endif
368+
364369
#ifndef HAVE_ISINF
365370
extern int isinf(double x);
366371
#else
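
Review bot: The test at new line 365 relies on a hand-maintained "must match src/port/getpeereid.c" comment, and two of its operands, SO_PEERCRED and LOCAL_PEERCRED, are defined by system socket headers rather than by configure. If those headers are not included before this point, HAVE_AUTH_PEER can stay undefined on a platform that does support peer, and initdb then falls back to md5. Suggest making the required includes explicit above the #if, or deriving HAVE_AUTH_PEER in the same place getpeereid.c makes its choice so the two cannot drift.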

src/test/regress/pg_regress.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -2302,7 +2302,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
23022302
/* initdb */
23032303
header(_("initializing database system"));
23042304
snprintf(buf, sizeof(buf),
2305-
"\"%s%sinitdb\" -D \"%s/data\" --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
2305+
"\"%s%sinitdb\" -D \"%s/data\" -A trust --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
23062306
bindir ? bindir : "",
23072307
bindir ? "/" : "",
23082308
temp_instance,
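
Review bot: The -A trust added to the format string at new line 2305 has no comment, and it restores for the temporary instance the setup this commit removes as a default, where any local user can connect as any PostgreSQL user (see the warning text kept in initdb.c). Suggest a comment stating why the regression instance needs trust, and a check that other test code that invokes initdb and relied on the old default gets the same option.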
