postgres
Can not configure custom authorization at pg_hba.conf because of more global rule
`docker-entrypoint.sh` sets up `host all all all scram-sha-256` into the `pg_hba.conf` file.
https://github.com/docker-library/postgres/blob/8a631b939a0b4197cb6bef49b50b6c40c80ddf5b/15/bookworm/docker-entrypoint.sh#L252
For my database located in a trusted network I want to configure trusted authentication, but cannot, because the first line matched comes first:
```
...
host all all all scram-sha-256
host db user 172.16.0.0/12 trust
```
My `/docker-entrypoint-initdb.d/000-trust.sh` script is:
```sh
echo "host db user 172.16.0.0/12 trust" >> "${PGDATA}/pg_hba.conf"
```
It would be nice if you added this catch-all rule later, after processing the init files: https://github.com/docker-library/postgres/blob/8a631b939a0b4197cb6bef49b50b6c40c80ddf5b/15/bookworm/docker-entrypoint.sh#L331
I'm not sure what changes we can safely make to that ordering, but you should be able to handle this in your initdb script via `sed`, something like:
```sh
sed -i -e '/^host all all all/d' "$PGDATA/pg_hba.conf"
```
It would be nice to disable that functionality so the user can manage it manually, e.g. `CUSTOM_PG_HBA=true`.
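An alternative to deleting the catch-all line, as an added example that is not from this thread or from the image's entrypoint: insert the narrower rule ahead of `host all all all ...` so first-match ordering reaches it while every other client still gets `scram-sha-256`. The helper names `insert_before_catchall` and `active_host_rules` are hypothetical, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: keep the catch-all rule, but place a narrower rule ahead
# of it, because pg_hba.conf is evaluated top-down and the first match wins.

# insert_before_catchall FILE RULE  (hypothetical helper)
insert_before_catchall() {
    hba_file=$1
    rule=$2
    # Idempotent: do nothing if the exact rule is already present.
    if grep -qxF -- "$rule" "$hba_file"; then return 0; fi
    tmp="${hba_file}.tmp.$$"
    awk -v rule="$rule" '
        # First "host all all all <method>" line, any spacing between fields.
        !placed && $1 == "host" && $2 == "all" && $3 == "all" && $4 == "all" {
            print rule
            placed = 1
        }
        { print }
        END { if (!placed) print rule }  # no catch-all found: append instead
    ' "$hba_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back into the existing file so its owner and mode are kept.
    cat "$tmp" > "$hba_file" && rm -f "$tmp"
}

# active_host_rules FILE  (hypothetical helper)
# Prints uncommented host* lines in evaluation order, whitespace normalized,
# so the resulting order can be reviewed.
active_host_rules() {
    awk '$1 ~ /^host/ { $1 = $1; print }' "$1"
}

# Demo on a constructed sample file (not a real pg_hba.conf).
demo() {
    sample=$(mktemp)
    printf '%s\n' \
        '# constructed sample' \
        'local all all trust' \
        'host all all all scram-sha-256' > "$sample"
    insert_before_catchall "$sample" 'host db user 172.16.0.0/12 trust'
    active_host_rules "$sample"
    rm -f "$sample"
}
demo
```

In an initdb script the call would be `insert_before_catchall "$PGDATA/pg_hba.conf" "host db user 172.16.0.0/12 trust"`.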