From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: [bug#36191] [PATCH] gnu: postgres service: More secure default permissions.
From: Robert Vollmert Date: Thu, 13 Jun 2019 15:50:37 +0200 Message-Id: <20190613135037.10645-1-rob@vllmrt.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 36191@debbugs.gnu.org Cc: Robert Vollmert This changes to 'peer' authentication for local socket connections, and password-based authentication for local network connections. * gnu/services/databases.scm (%default-postgres-hba): Change authentication method. --- gnu/services/databases.scm | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7113f1f2a1..ec31489d48 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -5,6 +5,7 @@ ;;; Copyright =C2=A9 2017 Christopher Baines ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2018 Julien Lepiller +;;; Copyright =C2=A9 2019 Robert Vollmert ;;; ;;; This file is part of GNU Guix. ;;; @@ -91,9 +92,9 @@ (define %default-postgres-hba (plain-file "pg_hba.conf" " -local all all trust -host all all 127.0.0.1/32 trust -host all all ::1/128 trust")) +local all all peer +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5")) =20 (define %default-postgres-ident (plain-file "pg_ident.conf" --=20 2.20.1 (Apple Git-117)
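
Review bot: In the `%default-postgres-hba` hunk, the two `host` lines move from `trust` to `md5`, which is PostgreSQL's older password scheme. If the packaged server is PostgreSQL 10 or later, `scram-sha-256` is the stronger choice for `127.0.0.1/32` and `::1/128`. It only works for roles whose passwords were stored with `password_encryption = scram-sha-256`, so that setting would need to change alongside it. The `local all all peer` line also changes behaviour for existing systems: a socket connection now succeeds only when the OS user name matches the database role, or a map in `pg_ident.conf` allows it. Clients that relied on `trust` to connect as a different role, and TCP clients whose role has no password set, will start failing after a reconfigure. The diffstat shows only gnu/services/databases.scm touched, so please also add a short note to the manual entry for the PostgreSQL service describing the new defaults and how to override them.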