[Dbconfig-common-devel] Read only access for all users to database
Kip Warner
kip at thevertigo.com
Fri Jun 3 20:18:02 UTC 2016
On Fri, 2016-06-03 at 21:06 +0200, Paul Gevers wrote:
> Hi Kip
Hey Paul.
> As said, I believe this is outside of the realm of dbconfig-common. I
> am not sure that it is possible what you want,
I think it is fairly simple to do, but just not through dbconfig
-common. I added the following to my postinst...
...
echo "map_all_mypackage /.* mypackage" >> /etc/postgresql/9.5/main/pg_ident.conf
sed -i -r "s/(local\s*all\s*all\s*peer)/#\1/" /etc/postgresql/9.5/main/pg_hba.conf
echo "local all all ident map=map_all_mypackage" >> /etc/postgresql/9.5/main/pg_hba.conf
...
> because on the system where you run dbconfig-common, there may be no
> way at all to know the system users of the system hosting the
> database.
One way to do this is as I did above for all system users. If you
needed to do it for just specific ones, you can do that too like so...
# Get list of all system users...
AllUsers=$(cut -d: -f1 /etc/passwd)
Then loop through the result checking each user to see if it has a
regular home directory.
--
Kip Warner -- Senior Software Engineer
OpenPGP encrypted/signed mail preferred
http://www.thevertigo.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20160603/e1b2afde/attachment.sig>
More information about the Dbconfig-common-devel
mailing list