0

I just installed postgresql on my mac (lion) using homebrew, and when I use the psql postgres (or any other database), it automatically logs me in.

Funny thing is, even if change the password once in psql using the \password command, it still just lets me in without prompting me for a password.

It also shows my user name (same user name as my mac os login) as the owner.

Is there a way to secure things a bit more?

Improve this question

1 Answer 1

Reset to default
3

Postgresql is most likely configured to trust anyone. This is configured int the file pg_hba.conf which is located in the data directory of postgresql. I do not know where homebrew places the data dir. However if you issue the following command in a terminal:

ps aux | grep postmaster

you will get a response like:

postgres          63   0,0  0,1  2472288   4888   ??  Ss   12:19pm   0:00.85 /Library/PostgreSQL/9.0/bin/postmaster -D/Library/PostgreSQL/9.0/data

The part after -D is the location of your data directory. You might have to resize your terminal to make it fit.

Open the pg_hba.conf with your favorite editor like:

sudo vi <datadir>/pg_hba.conf

The file contains (on all installations I have seen) a fair bit of comment describing the settings. The actual settings are a the bottom of the file. I suspect that one or more of those lines end in trust. Change these into md5 to get password verification.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

The easy way to find the pg_hba.conf file is to connect and execute show pg_hba.conf;. Documentation for the file is postgresql.org/docs/current/interactive/auth-pg-hba-conf.html
@kgrittn: that doesn't work for me. But it gave me the idea to look for what it could show and this one is helpful show data_directory;
Sorry about that; caffeine hadn't really kicked in. What I meant to type was `show hba_file;'. The file may or may not be in the data directory -- some packaged distributions put all configuration files in or under the /etc/ directory.
I was able to find the file using the 'show data_directory;' command. I modified everything at the bottom to md5, but it still lets me in. Do I need to reboot?
BTW, the directory I found it in was: /usr/local/var/postgres

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.