I have a database with an owner for it. My problem is that, though I have assigned a password for the owner, any other database user can access this database locally, even without a password.
How can I configure the database so that only a specific user has access to it (only with right password)?
Best Answer
You will have to edit your
pg_hba.conf
file. If you really want to reduce possible access to a single user (see the note below), you will need the following lines, and only these:This means that only
dbowner
will have access to any DB, logging in via the Unix socket or a TCP connection (from all addresses, includinglocalhost
). You can replace 'all' with your DB name if you want to limit access to a single DB.After having edited the file, you will have to reload the config - depending on your system, do a
pg_ctl reload
orkill -HUP <postmaster_pid>
, or do this form inside the DB, by callingPlease note that in the future you might want to do certain things that need rights
dbowner
may not have (be itSUPERUSER
,CREATEUSER
or something else). Depending on the policy you follow, you'll have to edit the file again to allow further access to a user (eg.postgres
) that has the necessary privileges, or you have to assign these todbowner
before closing the door on other users.