[Dbconfig-common-devel] Read only access for all users to database
Paul Gevers
elbrus at debian.org
Fri Jun 3 20:46:27 UTC 2016
Hi Kip
On 03-06-16 22:18, Kip Warner wrote:
> On Fri, 2016-06-03 at 21:06 +0200, Paul Gevers wrote:
>> Hi Kip
>
> Hey Paul.
>
>> As said, I believe this is outside of the realm of dbconfig-common. I
>> am not sure that it is possible what you want,
>
> I think it is fairly simple to do, but just not through
> dbconfig-common. I added the following to my postinst...
>
> ...
> echo "map_all_mypackage /.* mypackage" >> /etc/postgresql/9.5/main/pg_ident.conf
> sed -i -r "s/(local\s*all\s*all\s*peer)/#\1/" /etc/postgresql/9.5/main/pg_hba.conf
> echo "local all all ident map=map_all_mypackage" >> /etc/postgresql/9.5/main/pg_hba.conf
> ...
>
>> because on the system where you run dbconfig-common, there may be no
>> way at all to know the system users of the system hosting the
>> database.
>
> One way to do this is as I did above for all system users. If you
> needed to do it for just specific ones, you can do that too like so...
>
>
> # Get list of all system users...
> AllUsers=$(cut -d: -f1 /etc/passwd)
>
> Then loop through the result checking each user to see if it has a
> regular home directory.
Am I missing something, or does this all only work if the system that
you run your postinst on is the same as the host where the database
lives? Your commands must be executed on the system where the database
lives, which you may not have access to except via sql commands.
Paul
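
The per-user variant Kip describes above (walk `/etc/passwd`, keep accounts with a regular home directory), written out as an added example that is not code from the thread or from dbconfig-common. It emits one explicit `pg_ident.conf` line per account instead of the catch-all `/.*` pattern, and, as Paul notes, only has an effect when run on the host where the database lives. Assumptions: "regular" means a UID of 1000 or more and a home under `/home`; the function names and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: a "regular" account has
# UID >= 1000 and a home under /home; map and role names are the thread's
# placeholders. Must run on the host where PostgreSQL reads pg_ident.conf.
MAP_NAME="map_all_mypackage"
DB_ROLE="mypackage"

# Constructed sample in passwd(5) format, used by the demo at the bottom.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
postgres:x:110:117:PostgreSQL administrator:/var/lib/postgresql:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
}

# Print one "MAP-NAME SYSTEM-USERNAME PG-USERNAME" line per regular account.
# $1: passwd-format file (default /etc/passwd)
ident_map_lines() {
    passwd_file="${1:-/etc/passwd}"
    while IFS=: read -r name pw uid gid gecos home shell; do
        # Skip names with unexpected characters; a leading "/" would be
        # read by PostgreSQL as a regular expression.
        case "$name" in ''|*[!A-Za-z0-9_.-]*) continue ;; esac
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge 1000 ] || continue
        case "$home" in /home/?*) ;; *) continue ;; esac
        printf '%s %s %s\n' "$MAP_NAME" "$name" "$DB_ROLE"
    done < "$passwd_file"
}

# Append only missing lines, so a re-run of postinst adds no duplicates.
# $1: passwd-format file, $2: path to pg_ident.conf
update_ident_file() {
    ident_map_lines "$1" | while IFS= read -r line; do
        grep -qxF -- "$line" "$2" 2>/dev/null || printf '%s\n' "$line" >> "$2"
    done
}

# Demo: print the map lines derived from the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
ident_map_lines "$demo_file"
rm -f "$demo_file"
```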