su 到 postgres 用户
$ su - postgres Password: $ pwd /var/lib/postgresql $
备份配置文件,防止修改过程中损毁
cp /etc/postgresql/9.1/main/postgresql.conf /etc/postgresql/9.1/main/postgresql.conf.original cp /etc/postgresql/9.1/main/pg_hba.conf /etc/postgresql/9.1/main/pg_hba.conf.original
启用tcp/ip连接,去掉下面注释,修改为你需要的IP地址,默认为localhost
listen_addresses = 'localhost'
如果有多个网络适配器可以指定 'ip' 或 '*' 任何接口上的IP地址都可能listen.
$ sudo vim /etc/postgresql/9.1/main/postgresql.conf listen_addresses = '*'
pg_hba.conf配置文件的权限需要注意以下,-rw-r----- 1 postgres postgres 4649 Dec 5 18:00 pg_hba.conf
$ ll /etc/postgresql/9.1/main/ total 52 drwxr-xr-x 2 postgres postgres 4096 Dec 6 09:40 ./ drwxr-xr-x 3 postgres postgres 4096 Dec 5 18:00 ../ -rw-r--r-- 1 postgres postgres 316 Dec 5 18:00 environment -rw-r--r-- 1 postgres postgres 143 Dec 5 18:00 pg_ctl.conf -rw-r----- 1 postgres postgres 4649 Dec 5 18:00 pg_hba.conf -rw-r----- 1 postgres postgres 1636 Dec 5 18:00 pg_ident.conf -rw-r--r-- 1 postgres postgres 19259 Dec 5 18:00 postgresql.conf -rw-r--r-- 1 postgres postgres 378 Dec 5 18:00 start.conf
pg_hba.conf配置文件负责访问权限控制
# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5
- TYPE
-
local 本地使用unix/socket 方式连接, host 使用tcp/ip socket 方式连接
- DATABASE
-
数据库名.
- USER
-
用户名.
- ADDRESS
-
允许连接的IP地址,可以使用子网掩码.
- METHOD
-
认真加密方式.
下面我们做一个简单测试,首先配置pg_hba。conf文件
$ sudo vi /etc/postgresql/9.1/main/pg_hba.conf host * dba 0.0.0.0/0 md5 host test test 0.0.0.0/0 md5
运行创建数据,用户 的SQL语句
CREATE ROLE test LOGIN PASSWORD 'test' NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE; CREATE DATABASE test WITH OWNER = test ENCODING = 'UTF8' TABLESPACE = pg_default;
进入psql
$ psql psql (9.1.6) Type "help" for help. postgres=# CREATE ROLE test LOGIN PASSWORD 'test' NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE; CREATE ROLE postgres=# CREATE DATABASE test WITH OWNER = test ENCODING = 'UTF8' TABLESPACE = pg_default; CREATE DATABASE postgres=# \q
使用psql登录
$ psql -hlocalhost -Utest test
Password for user test:
psql (9.1.6)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
test=> \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
test | test | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
(4 rows)
test=>
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
