[Dbconfig-common-devel] Re: PostgreSQL access rights handling

Andreas Tille tillea at rki.de
Sat Sep 24 20:56:23 UTC 2005 

On Sat, 24 Sep 2005, sean finney wrote:

> i don't know that we've come to an agreement on the matter, actually.
> i'm very much hesitant to append/delete lines from the pg_hba.conf
> automatically, and it's questionable whether policy would
> allow it at all.

Policy says one package is not allowed to change a config file of another
package.  But on the other hand the local administrator can change any
config file, say with an editor.  So why not give the local admin a "well
designed editor" which just prefils the text to insert into the file
you want to edit and name this editor dbconfig-common.  It is not that
GNUmed would change the configuration of PostgreSQL but the administrator
is asked whether he want to edit a file (/etc/postgres/pg_hba.conf) using
(the editor) dbconfig-common and if he do not want to use this editor he
has to insert the following manually

      ...

In this approach I see no conflict with policy.

> a while back andreas and i discussed the possibility of asking
> upstream postgres folks to introduce a "conf.d" style directory
> in which we could dynamically add information, but i don't think
> anythying came of it (or, that he or i contacted them at all, heh).

I did not talk to them but the idea is *really* great and we (you, because
it was your idea? ;-) ) should talk to them - better today than tomorrow.

> if that's not a possibility, i'm thinking that a happy medium
> for the time being would be to add code to dbconfig-common that
>
> a - guesses by reading pg_hba.conf and based on install settings if
>    there will be a problem
> b - if (a), generate and output via debconf the line that should be added,
>    and tell the admin what to do before hitting "ok".

This would solve a lot of problems.!

> what do you think?  i've got a pretty big backlog of work right now and
> i can't promise to have time to implement something like that soon,
> so, um, patches are welcome :)

Perhaps just posting this to a postgres related list.  Just tell me if
you want me to foreward this.

Kind regards

            Andreas.

-- 
http://fam-tille.de

More information about the Dbconfig-common-devel mailing list