Re: [HACKERS] Log operating system user connecting via unix socket

2016-01-27 Thread José Arthur Benetasso Villanova
Hi again. About the privileges, our support can create roles / databases, drop existing databases, dump / restore, change other users' passwords. It's not feasible right now to create a 1:1 map of system users and postgres users. Maybe in the future. I wrote 2 possible patches, both issuing a detail

Re: [HACKERS] Log operating system user connecting via unix socket

2016-01-27 Thread Stephen Frost
José,

* José Arthur Benetasso Villanova (jose.art...@gmail.com) wrote:
> I wrote 2 possible patches, both issuing a detail message only if
> log_connections is enabled.
>
> The first one using the Stephen Frost suggestion, inside the Port struct (I
> guess that this is the one, I couldn't find

[HACKERS] Log operating system user connecting via unix socket

2016-01-17 Thread José Arthur Benetasso Villanova
Greetings, gentlemen. Here in my work, we have about 100 PostgreSQL machines and about 20 users with superuser privileges. This group of 20 people changes constantly, so it's cumbersome to create a role for each. Instead, we map all of them in pg_ident.conf. The problem is: with current postgres

Re: [HACKERS] Log operating system user connecting via unix socket

2016-01-17 Thread Stephen Frost
José,

* José Arthur Benetasso Villanova (jose.art...@gmail.com) wrote:
> Here in my work, we have about 100 PostgreSQL machines and about 20 users
> with superuser privileges.

Sounds pretty common. What kind of superuser rights are they using? What is the minimum set of rights that are required

Re: [HACKERS] Log operating system user connecting via unix socket

2016-01-17 Thread Tom Lane
Stephen Frost writes:
> What I think we really want here is logging of the general 'system
> user' for all auth methods instead of only for the 'peer' method.

Well, we don't really know that except in a small subset of auth methods. I agree that when we do know it, it's

Re: [HACKERS] Log operating system user connecting via unix socket

2016-01-17 Thread Stephen Frost
Tom,

* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > What I think we really want here is logging of the general 'system
> > user' for all auth methods instead of only for the 'peer' method.
>
> Well, we don't really know that except in a small subset of