aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBruce Momjian <bruce@momjian.us>1998-03-06 18:03:38 +0000
committerBruce Momjian <bruce@momjian.us>1998-03-06 18:03:38 +0000
commitba1d990cf7a62abe0fda40874e621efe61b8fbc0 (patch)
tree28778e187d26021b62ebb8e2c02bd38f40e14931
parentea89acc4d7f327366696410214cca2c9c11f773f (diff)
downloadpostgresql-ba1d990cf7a62abe0fda40874e621efe61b8fbc0.tar.gz
postgresql-ba1d990cf7a62abe0fda40874e621efe61b8fbc0.zip
pg_user cleanup.
-rw-r--r--src/backend/commands/user.c26
-rw-r--r--src/backend/libpq/pg_hba.conf.sample5
-rw-r--r--src/man/alter_user.l6
-rw-r--r--src/man/catalogs.36
-rw-r--r--src/man/create_user.l16
-rw-r--r--src/man/createuser.110
-rw-r--r--src/man/destroyuser.110
-rw-r--r--src/man/pg_dumpall.14
-rw-r--r--src/man/pg_hba.conf.58
9 files changed, 46 insertions, 45 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 9ef2613a4f4..a5b1715be42 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -89,7 +89,7 @@ void
DefineUser(CreateUserStmt *stmt)
{
- char *pg_user;
+ char *pg_shadow;
Relation pg_shadow_rel;
TupleDesc pg_shadow_dsc;
HeapScanDesc scan;
@@ -112,12 +112,12 @@ DefineUser(CreateUserStmt *stmt)
* Make sure the user attempting to create a user can insert into the
* pg_shadow relation.
*/
- pg_user = GetPgUserName();
- if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK)
+ pg_shadow = GetPgUserName();
+ if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
elog(ERROR, "defineUser: user \"%s\" does not have SELECT and INSERT privilege for \"%s\"",
- pg_user, ShadowRelationName);
+ pg_shadow, ShadowRelationName);
return;
}
@@ -220,7 +220,7 @@ extern void
AlterUser(AlterUserStmt *stmt)
{
- char *pg_user;
+ char *pg_shadow;
Relation pg_shadow_rel;
TupleDesc pg_shadow_dsc;
HeapScanDesc scan;
@@ -242,12 +242,12 @@ AlterUser(AlterUserStmt *stmt)
* Make sure the user attempting to create a user can insert into the
* pg_shadow relation.
*/
- pg_user = GetPgUserName();
- if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK)
+ pg_shadow = GetPgUserName();
+ if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
elog(ERROR, "alterUser: user \"%s\" does not have SELECT and UPDATE privilege for \"%s\"",
- pg_user, ShadowRelationName);
+ pg_shadow, ShadowRelationName);
return;
}
@@ -347,7 +347,7 @@ extern void
RemoveUser(char *user)
{
- char *pg_user;
+ char *pg_shadow;
Relation pg_shadow_rel,
pg_rel;
TupleDesc pg_dsc;
@@ -369,12 +369,12 @@ RemoveUser(char *user)
* Make sure the user attempting to create a user can delete from the
* pg_shadow relation.
*/
- pg_user = GetPgUserName();
- if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK)
+ pg_shadow = GetPgUserName();
+ if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
elog(ERROR, "removeUser: user \"%s\" does not have SELECT and DELETE privilege for \"%s\"",
- pg_user, ShadowRelationName);
+ pg_shadow, ShadowRelationName);
return;
}
@@ -463,7 +463,7 @@ RemoveUser(char *user)
* tables, views, etc owned by the user.
*
* The second option would be to create a means of deleting tables, view,
- * etc. owned by the user from other databases. Pg_user is global and
+ * etc. owned by the user from other databases. pg_shadow is global and
* so this must be done at some point.
*
* Let us not forget that the user should be removed from the pg_groups
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index 2fc47dab976..fb2be3bdbb9 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -68,10 +68,11 @@
# by the host. If AUTH_ARGUMENT is specified then the password is
# compared with the user's entry in that file (in the $PGDATA
# directory). See pg_passwd(1). If it is omitted then the
-# password is compared with the user's entry in the pg_user table.
+# password is compared with the user's entry in the pg_shadow
+# table.
#
# crypt: Authentication is done by matching an encrypted password supplied
-# by the host with that held for the user in the pg_user table.
+# by the host with that held for the user in the pg_shadow table.
#
# krb4: Kerberos V4 authentication is used.
#
diff --git a/src/man/alter_user.l b/src/man/alter_user.l
index 5134fa87749..fd51693c573 100644
--- a/src/man/alter_user.l
+++ b/src/man/alter_user.l
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/alter_user.l,v 1.1 1998/01/25 07:42:00 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/alter_user.l,v 1.2 1998/03/06 18:02:49 momjian Exp $
.TH "ALTER USER" SQL 01/26/98 PostgreSQL PostgreSQL
.SH NAME
alter user -- alter user account information within a PostgreSQL instance
@@ -20,10 +20,10 @@ detailed description of each of the clause in the alter user statement,
please see the create_user(l) manual page. Please note that it is not
possible to alter a user's usesysid via the alter user statement. Also,
it is only possible for the postgres user or any user with read and modify
-permissions on pg_user to alter user passwords.
+permissions on pg_shadow to alter user passwords.
If any of the clauses of the alter user statement are omitted, the
-corresponding value in the pg_user relation is left unchanged.
+corresponding value in the pg_shadow relation is left unchanged.
This statement can be used to modify users created with createuser(1).
diff --git a/src/man/catalogs.3 b/src/man/catalogs.3
index fb66dd0394f..3f8eee0ac3c 100644
--- a/src/man/catalogs.3
+++ b/src/man/catalogs.3
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/catalogs.3,v 1.3 1998/01/11 22:17:06 momjian Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/catalogs.3,v 1.4 1998/03/06 18:03:02 momjian Exp $
.TH "SYSTEM CATALOGS" INTRO 03/13/94 PostgreSQL PostgreSQL
.SH "Section 7 - System Catalogs"
.de LS
@@ -43,7 +43,7 @@ the site:
\fBname\fP \fBshared/local\fP \fBdescription\fP
pg_database shared current databases
pg_group shared user groups
- pg_user shared valid users
+ pg_shadow shared valid users
.LE
.SH "RULE SYSTEM CATALOGS"
.LS
@@ -339,7 +339,7 @@ pg_group
int2 grolist[1] /* list of usesysids of group members */
.fi
.nf M
-pg_user
+pg_shadow
NameData usename /* user's name */
int2 usesysid /* user's UNIX user id */
bool usecreatedb /* can user create databases? */
diff --git a/src/man/create_user.l b/src/man/create_user.l
index 49fd4d26e52..e39ea0f73b7 100644
--- a/src/man/create_user.l
+++ b/src/man/create_user.l
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/create_user.l,v 1.1 1998/01/25 07:42:01 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/create_user.l,v 1.2 1998/03/06 18:03:21 momjian Exp $
.TH "CREATE USER" SQL 01/26/98 PostgreSQL PostgreSQL
.SH NAME
create user -- create a new user within a PostgreSQL instance
@@ -16,7 +16,7 @@ create user -- create a new user within a PostgreSQL instance
.SH DESCRIPTION
.BR "create user"
will add a new user to an instance of PostgreSQL. The new user will be
-given a usesysid of 'SELECT max(usesysid) + 1 FROM pg_user'. This means
+given a usesysid of 'SELECT max(usesysid) + 1 FROM pg_shadow'. This means
that a PostgreSQL user's usesysid will not correspond to their operating
system(OS) user id. The exception to this rule is the 'postgres' user,
whose OS user id is used as the usesysid during the initdb process. If
@@ -24,15 +24,15 @@ you still want the OS user id and the usesysid to match for any given
user, then use the createuser(1) script provided with the PostgreSQL
distribution.
-The 'with password' clause sets the user's password within the pg_user
-relation. For this reason, pg_user is no longer accessible to the
+The 'with password' clause sets the user's password within the pg_shadow
+relation. For this reason, pg_shadow is no longer accessible to the
'public' group. Please note that when initdb(1) is executed for an
instance of PostgreSQL that the postgres user's password is initially set
-to NULL. When a user's password in the pg_user relation is NULL, then
+to NULL. When a user's password in the pg_shadow relation is NULL, then
user authentication proceeds as it historically has (HBA, PG_PASSWORD,
etc). However, if a password is set for a user, then a new authentication
system supplants any other configured for the PostgreSQL instance, and the
-password stored in the pg_user relation is used for authentication. For
+password stored in the pg_shadow relation is used for authentication. For
more details on how this authentication system functions see pg_crypt(3).
If the 'with password' clause is omitted, then the user's password is set
to the empty string with equates to a NULL value in the authentication
@@ -54,9 +54,9 @@ defined in the pg_group relation).
Finally, the 'valid until' clause sets an absolute time after which the
user's PostgreSQL login is no longer valid. Please note that if a user
-does not have a password defined in the pg_user relation, then the valid
+does not have a password defined in the pg_shadow relation, then the valid
until date will not be checked during user authentication. If this clause
-is omitted, then a NULL value is stored in pg_user for this attribute, and
+is omitted, then a NULL value is stored in pg_shadow for this attribute, and
the login will be valid for all time.
.SH EXAMPLES
diff --git a/src/man/createuser.1 b/src/man/createuser.1
index 30a4cbac62d..ca10405135b 100644
--- a/src/man/createuser.1
+++ b/src/man/createuser.1
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.6 1998/01/26 01:42:44 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.7 1998/03/06 18:03:31 momjian Exp $
.TH CREATEUSER UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME
createuser - create a Postgres user
@@ -19,7 +19,7 @@ port]
.SH DESCRIPTION
.IR Createuser
creates a new Postgres user. Only users with \*(lqusesuper\*(rq set in
-the \*(lqpg_user\*(rq class can create new Postgres users. As shipped,
+the \*(lqpg_shadow\*(rq class can create new Postgres users. As shipped,
the user \*(lqpostgres\*(rq can create users.
.PP
.IR Createuser
@@ -96,8 +96,8 @@ is running on the proper host and that you have specified the proper
port. If your site uses an authentication system, ensure that you
have obtained the required authentication credentials.
.TP
-.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_user\*(rq"
-You do not have a valid entry in the relation \*(lqpg_user\*(rq and
+.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_shadow\*(rq"
+You do not have a valid entry in the relation \*(lqpg_shadow\*(rq and
cannot do anything with Postgres at all; contact your Postgres site
administrator.
.TP
@@ -106,7 +106,7 @@ You do not have permission to create new users; contact your Postgres
site administrator.
.TP
.BI "user \*(lq" "username" "\*(rq already exists"
-The user to be added already has an entry in the \*(lqpg_user\*(rq
+The user to be added already has an entry in the \*(lqpg_shadow\*(rq
class.
.TP
.BR "database access failed"
diff --git a/src/man/destroyuser.1 b/src/man/destroyuser.1
index a1a04baf442..2cd131e944a 100644
--- a/src/man/destroyuser.1
+++ b/src/man/destroyuser.1
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.6 1998/01/26 01:42:46 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.7 1998/03/06 18:03:35 momjian Exp $
.TH DESTROYUSER UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME
destroyuser - destroy a Postgres user and associated databases
@@ -21,7 +21,7 @@ port]
.IR Destroyuser
destroys an existing Postgres user and the databases for which that user
is database administrator. Only users with \*(lqusesuper\*(rq set in
-the \*(lqpg_user\*(rq class can destroy new Postgres users. As shipped,
+the \*(lqpg_shadow\*(rq class can destroy new Postgres users. As shipped,
the user \*(lqpostgres\*(rq can destroy users.
.PP
.IR Destroyuser
@@ -92,8 +92,8 @@ is running on the proper host and that you have specified the proper
port. If your site uses an authentication system, ensure that you
have obtained the required authentication credentials.
.TP
-.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_user\*(rq"
-You do not have a valid entry in the relation \*(lqpg_user\*(rq and
+.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_shadow\*(rq"
+You do not have a valid entry in the relation \*(lqpg_shadow\*(rq and
cannot do anything with Postgres at all; contact your Postgres site
administrator.
.TP
@@ -102,7 +102,7 @@ You do not have permission to delete users; contact your Postgres site
administrator.
.TP
.BI "user \*(lq" "username" "\*(rq does not exist"
-The user to be removed does not have an entry in the \*(lqpg_user\*(rq
+The user to be removed does not have an entry in the \*(lqpg_shadow\*(rq
class.
.TP
.BR "database access failed"
diff --git a/src/man/pg_dumpall.1 b/src/man/pg_dumpall.1
index 64d5bf87313..aefadaaac93 100644
--- a/src/man/pg_dumpall.1
+++ b/src/man/pg_dumpall.1
@@ -1,6 +1,6 @@
.\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_dumpall.1,v 1.3 1998/01/11 22:17:47 momjian Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_dumpall.1,v 1.4 1998/03/06 18:03:37 momjian Exp $
.TH pg_dumpall UNIX 1/20/96 PostgreSQL PostgreSQL
.SH NAME
pg_dumpall - dumps out all Postgres databases into a script file
@@ -10,7 +10,7 @@ pg_dumpall - dumps out all Postgres databases into a script file
.SH DESCRIPTION
.IR "pg_dumpall"
is a utility for dumping out all Postgres databases into one file.
-It also dumps the pg_user table, which is global to all databases.
+It also dumps the pg_shadow table, which is global to all databases.
pg_dumpall creates each dumped database before loading.
pg_dumpall takes all pg_dump options, but \fB-f\fR and \fBdbname\fR
should not be used.
diff --git a/src/man/pg_hba.conf.5 b/src/man/pg_hba.conf.5
index 4d14aa73468..32166ea2d33 100644
--- a/src/man/pg_hba.conf.5
+++ b/src/man/pg_hba.conf.5
@@ -1,5 +1,5 @@
.\" This is -*-nroff-*-
-.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.4 1998/01/27 03:25:14 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.5 1998/03/06 18:03:38 momjian Exp $
.TH pg_hba.conf 5 1/26/98 PostgreSQL PostgreSQL
.SH NAME
$PGDATA/pg_hba.conf
@@ -61,16 +61,16 @@ domain sockets.
.PP
.IR crypt
- the client is asked for a password for the user. This is sent encrypted
-(using crypt(3)) and compared against the password held in the pg_user table.
+(using crypt(3)) and compared against the password held in the pg_shadow table.
If the passwords match, the connection is allowed.
.PP
.IR password
- the client is asked for a password for the user. This is sent in clear
-and compared against the password held in the pg_user table.
+and compared against the password held in the pg_shadow table.
If the passwords match, the connection is allowed. An optional password file
may be specified after the
.IR password
-keyword which is used to match the supplied password rather than the pg_user
+keyword which is used to match the supplied password rather than the pg_shadow
table. See pg_passwd(1).
.PP
The following authentication methods are supported for TCP/IP