[Dbconfig-common-devel] Read only access for all users to database

Kip Warner kip at thevertigo.com
Fri Jun 3 20:18:02 UTC 2016


On Fri, 2016-06-03 at 21:06 +0200, Paul Gevers wrote:
> Hi Kip

Hey Paul.

> As said, I believe this is outside of the realm of dbconfig-common. I 
> am not sure that it is possible what you want, 

I think it is fairly simple to do, but just not through dbconfig
-common. I added the following to my postinst...

    ...
    echo "map_all_mypackage /.* mypackage" >> /etc/postgresql/9.5/main/pg_ident.conf
    sed -i -r "s/(local\s*all\s*all\s*peer)/#\1/" /etc/postgresql/9.5/main/pg_hba.conf
echo "local all all ident map=map_all_mypackage" >> /etc/postgresql/9.5/main/pg_hba.conf
...

> because on the system where you run dbconfig-common, there may be no
> way at all to know the system users of the system hosting the
> database.

One way to do this is as I did above for all system users. If you
needed to do it for just specific ones, you can do that too like so...


    # Get list of all system users...
    AllUsers=$(cut -d: -f1 /etc/passwd)

Then loop through the result checking each user to see if it has a
regular home directory.

-- 
Kip Warner -- Senior Software Engineer
OpenPGP encrypted/signed mail preferred
http://www.thevertigo.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20160603/e1b2afde/attachment.sig>


More information about the Dbconfig-common-devel mailing list