通过连接到远程PostgreSQL服务器访问文件系统
[英]Access filesystem via connection to remote PostgreSQL server
问题描述
We have PostgreSQL running on a unix box, and multiple users with both individual unix accounts and individual database logins. 
我们的PostgreSQL在一个unix框上运行,并且有多个用户具有单独的unix帐户和单独的数据库登录名。 The kind of workflow we are trying to enable for these users is: 我们尝试为这些用户启用的工作流程是:
- Transfer a large file to the server (typically via Samba) 将大文件传输到服务器(通常通过Samba)
- Establish a remote connection from the user's PC to PostgreSQL 建立从用户PC到PostgreSQL的远程连接
- Read the large file into a (preferably temporary) table and do some analysis 将大文件读入(最好是临时的)表中并进行一些分析
The stumbling block is how to access the file while logged into PostgreSQL. 绊脚石是如何在登录PostgreSQL时访问文件。 At first glance this seems impossible to do securely, because the database is running under the postgres account, which doesn't even have access to files belonging to other unix accounts. 乍一看,这似乎不可能安全地进行,因为数据库是在postgres帐户下运行的,该帐户甚至无法访问属于其他unix帐户的文件。 Out of the box, I believe the only way that PostgreSQL users could access local files would be to (a) make the files readable by the postgres unix account, and (b) give the database users elevated privileges to allow them to use the COPY FROM command in Postgres. 开箱即用,我认为PostgreSQL用户访问本地文件的唯一方法是(a)使这些文件可由postgres unix帐户读取,并且(b)为数据库用户提供更高的特权,以允许他们使用COPY FROM Postgres中的COPY FROM命令。 This is out of the question; 这是不可能的。 the users must not be able to read each other's data. 用户必须不能读取彼此的数据。
The workaround we are currently using is to shell into the server and run psql , which allows the user to slurp in data from a local file using the \\copy meta-command. 我们当前使用的解决方法是将外壳程序psql到服务器中并运行psql ,该操作允许用户使用\\copy meta-command从本地文件中提取数据。 But this complicates the workflow and is not very satisfactory to our users, who are mostly unfamiliar with unix. 但是,这使工作流程变得复杂,并且对大多数不熟悉unix的用户来说并不十分令人满意。 Instead, they would like to drive the whole process from PC-based analytics package called SAS, which can connect directly to Postgres via ODBC. 相反,他们希望从名为SAS的基于PC的分析程序包驱动整个过程,该程序包可以通过ODBC直接连接到Postgres。
I am looking for a creative solution to this problem. 我正在寻找一种解决此问题的创造性方法。 Clearly, the naive workflow I listed above is completely at odds with the unix security model. 显然,我上面列出的天真的工作流程与unix安全模型完全不符。 But is there an alternative which will function similarly from the user's point of view? 但是,从用户的角度来看,是否有一种替代方法可以起到类似的作用? We're happy to consider stored procedures, man-in-the-middle proxies, etc. 我们很高兴考虑存储过程,中间人代理等。
1 个解决方案
解决方案1
1 2013-02-22 08:41:36
If your users are connecting via SAS, can they upload the files themselves via the SAS-PSQL connection? 如果您的用户通过SAS连接,他们是否可以通过SAS-PSQL连接自己上传文件? Speaking as a SAS user this is certainly possible; 以SAS用户的身份讲这当然是可能的。 something like 就像是
libname psql odbc (connection-string);
data psql.mytable;
set sastable;
run;
Of course that requires it being read into SAS locally first, but that is likely trivial. 当然,这需要先将其本地读取到SAS中,但这可能并不重要。 The main potential issue here is time - it is undoubtedly slower to transfer this way than over SAMBA; 这里的主要潜在问题是时间-毫无疑问,这种传输方式比通过SAMBA传输要慢。 but perhaps the time taken is worth it for the simplicity? 但是为简单起见,花时间值得吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.