authorRobert Vollmert <rob@vllmrt.net>2019-06-13 15:50:37 +0200
committerLudovic Courtès <ludo@gnu.org>2019-07-02 18:33:51 +0200
commit334a2f4def1d4f9dc37718d847923cd941849607 (patch)
tree1abc9ae637db2f8e5d5e4c9c6e18afa765f46f56
parent9616b81e9861c831159a0e1a5993854b9ad3c3e5 (diff)
downloadguix-334a2f4def1d4f9dc37718d847923cd941849607.tar
guix-334a2f4def1d4f9dc37718d847923cd941849607.tar.gz
gnu: postgres service: More secure default permissions.
This changes to 'peer' authentication for local socket connections, and password-based authentication for local network connections. * gnu/services/databases.scm (%default-postgres-hba): Change authentication method. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--gnu/services/databases.scm7
1 files changed, 4 insertions, 3 deletions
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 7113f1f2a1..ec31489d48 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -91,9 +92,9 @@
(define %default-postgres-hba
(plain-file "pg_hba.conf"
"
-local all all trust
-host all all 127.0.0.1/32 trust
-host all all ::1/128 trust"))
+local all all peer
+host all all 127.0.0.1/32 md5
+host all all ::1/128 md5"))
(define %default-postgres-ident
(plain-file "pg_ident.conf"
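Review bot: The two `host` lines in `%default-postgres-hba` now use `md5`, which relies on an MD5-based challenge-response and is the weaker of PostgreSQL's password methods. If the packaged server is PostgreSQL 10 or later (the version is not visible in this hunk), consider `host all all 127.0.0.1/32 scram-sha-256` and the same for `::1/128`. If `md5` is kept for client compatibility, say so in a `#` comment inside the file string. Separately, this tightens the default for existing systems: roles without a password, and local clients whose OS user name differs from the database role, were accepted under `trust` and will presumably be rejected after a reconfigure. The diffstat shows only `databases.scm` changed, so a note in the manual or news about the new default and how to supply a custom hba file seems to be missing.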