On Thu, April 25, 2013 20:26, Joseph wrote: > On 04/25/13 18:57, J. Roeleveld wrote: >>> So pg_hba.conf only controls direct connections to postgreSQL. >> >>Correct. >> >>> Since "apache" group is in postgres user; apache was given permission >>> to >>> access the database in this case py-passing the setting in pg_hba.conf >> >>Wrong, Postgresql does not check group-ownership. Your pg_hba.conf file >>will have a setting that allows Apache to connect. >> >>> Is there a way to force sequence: >>> Apache/website <-> pg_hba.conf <-> Postgresql >> >>Postgresql will always read the pg_hba.conf file and use that to >> determine >>who can and can not connect directly to Postgresql. >> >>-- >>Joost > > I've tired with this line: > local clinic sql-ledger trust > > I can connect to "clinic" database form localhost and any box on the > network. It works OK > But I when I tried to further limit the database to a single IP, > postgresql refused to start. > > local clinic sql-ledger 10.0.0.100/32 trust
This line is wrong, please read the comments in the supplied "pg_hba.conf" file: # "local" is for Unix domain socket connections only If you want to limit to an IP-address, then you nneed to use "host" -- Joost