Postgresql 用户管理
一, 设置超级用户密码
1 修改 pg_hba.conf 使超级用户postgres 可以登录到数据库中
host all all 127.0.0.1/32 trust
2 修改 postgres 密码
$psql -U postgres -h 127.0.0.1 psql (9.6.4) Type "help" for help. postgres=# ALTER USER postgres WITH PASSWORD 'new password';
ALTER ROLE
3 修改 pg_hba.conf 访问方式 md5
host all all 127.0.0.1/32 md5
常用 ident 默认 与 indent.conf 配合使用
trust 信任 不需要密码
reject 拒绝
password 密码访问 明码
md5 密码访问 加密**
4 测试登录
psql -U postgres -h 127.0.0.1 Password for user postgres: psql (9.6.4) Type "help" for help. postgres=#
二,新建用户及授权
在postgres 中 user 和 role 没有区别,user比role多了一个login访问权限
postgres=# CREATE USER user1; CREATE ROLE postgres=# CREATE database db1; CREATE DATABASE postgres=# GRANT ALL ON DATABASE db1 TO user1 ; GRANT
postgres=# REVOKE ALL ON DATABASE db1 FROM user1;
REVOKE
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-------------------+----------+----------+-------------+-------------+-----------------------
db1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres +
| | | | | postgres=CTc/postgres+
| | | | | user1=CTc/postgres
修改用户系统权限
postgres=# alter user db1 with superuser;
postgres=#\dg or \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
user1 | Superuser | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
postgres=# select * from pg_shadow ;
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
----------+----------+-------------+----------+---------+--------------+-------------------------------------+----------+-----------
postgres | 10 | t | t | t | t | | |
user1 | 23981 | f | f | f | f | md5c1e4e02e1d5d60f463ab88f676383fb6 | |