release notes | Book: 1.9.5, 1.9.12 (opt, FHS), 2.6 (FHS), 2.7 (FHS), 2.8 (FHS), 2.9 (FHS), 2.10 (FHS), 2.11 (FHS), | Wiki | Q&A black_bg
Web: Multi-page, Single page | PDF: A4-size, Letter-size | eBook: epub black_bg

Configuring Access to PostgreSQL

In the installation guide instructions are given for configuring one PostgreSQL server on the admin node for all the above described purposes with generous access rights. This is done to make the installation as easy as possible. The access rights are configured in the file <database_directory_name>/data/pg_hba.conf. According to the installation guide the end of the file should look like

...
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
local   all         all                                             trust
host    all         all         127.0.0.1/32                        trust
host    all         all         ::1/128                             trust
host    all         all         <HostIP>/32          trust

This gives access to all databases in the PostgreSQL server to all users on the admin host.

The databases can be secured by restricting access with this file. E.g.

...
# TYPE  DATABASE    USER        IP-ADDRESS        METHOD
local   all         postgres                      ident sameuser
local   all         pnfsserver                    password
local   all         all                           md5
host    all         all         127.0.0.1/32      md5
host    all         all         ::1/128           md5
host    all         all         <HostIP>/32          md5

To make the server aware of this you need to reload the configuration file as the user postgres by:

[root] # su - postgres
[postgres] # pg_ctl reload

And the password for e.g. the user pnfsserver can be set with

[postgres] # psql template1 -c "ALTER USER pnfsserver WITH PASSWORD '<yourPassword>'"

The pnfs server is made aware of this password by changing the variable dbConnectString in the file /usr/etc/pnfsSetup:

...
export dbConnectString="user=pnfsserver password=<yourPassword>"

User access should be prohibited to this file with

[root] # chmod go-rwx /usr/etc/pnfsSetup