21.4. Trust Authentication
  When
  
   trust
  
  authentication is specified,
  
   PostgreSQL
  
  assumes that anyone who can
    connect to the server is authorized to access the database with
    whatever database user name they specify (even superuser names).
    Of course, restrictions made in the
  
   database
  
  and
  
   user
  
  columns still apply.
    This method should only be used when there is adequate
    operating-system-level protection on connections to the server.
 
  
   trust
  
  authentication is appropriate and very
    convenient for local connections on a single-user workstation.  It
    is usually
  
   
    not
   
  
  appropriate by itself on a multiuser
    machine.  However, you might be able to use
  
   trust
  
  even
    on a multiuser machine, if you restrict access to the server's
    Unix-domain socket file using file-system permissions.  To do this, set the
  
   unix_socket_permissions
  
  (and possibly
  
   unix_socket_group
  
  ) configuration parameters as
    described in
  
   Section 20.3
  
  .  Or you
    could set the
  
   unix_socket_directories
  
  configuration parameter to place the socket file in a suitably
    restricted directory.
 
  Setting file-system permissions only helps for Unix-socket connections.
    Local TCP/IP connections are not restricted by file-system permissions.
    Therefore, if you want to use file-system permissions for local security,
    remove the
  
   host ... 127.0.0.1 ...
  
  line from
  
   pg_hba.conf
  
  , or change it to a
    non-
  
   trust
  
  authentication method.
 
  
   trust
  
  authentication is only suitable for TCP/IP connections
    if you trust every user on every machine that is allowed to connect
    to the server by the
  
   pg_hba.conf
  
  lines that specify
  
   trust
  
  .  It is seldom reasonable to use
  
   trust
  
  for any TCP/IP connections other than those from
  
   localhost
  
  (127.0.0.1).