[Dbconfig-common-devel] Read only access for all users to database

Sat Jun 11 07:18:25 UTC 2016

Hi Kip,

> Probably a good idea to check that the user is installing to localhost.
> If they are, then using the following within your postinst hook works
> perfectly:

Just wondering, do you mean with "your postinst" the postinst of
dbconfig-common, or just the postinst of a package that uses
dbconfig-common.

>     ...
>     sed -i -r "s/\s*map_all_myapplication\s*\/\.\*\s*myapplication\s*//" /etc/postgresql/9.5/main/pg_ident.conf
> 
>     sed -i -r "s/\s*local\s*all\s*all\s*ident\s*map=map_all_myapplication\s*//" /etc/postgresql/9.5/main/pg_hba.conf
> 
>     echo "map_all_myapplication /.* myapplication" >> /etc/postgresql/9.5/main/pg_ident.conf
> 
>     sed -i -r "s/(local\s*all\s*all\s*peer)/#\1/" /etc/postgresql/9.5/main/pg_hba.conf
>     ...

Please be aware that what you are doing above is not allowed in a Debian
proper package without asking the system administrator first:
1) You are mangling with a configuration file.
2) You are mangling with a configuration file of an other package.

It looks like there are templates in the dbconfig-common package that
were meant for your use case, but they are not used. Maybe Sean couldn't
get his head around of how to do it sanely (just guessing here).

After our discussion so far, could you please try to describe what you
want to do (maybe more generic than just your package) and file that as
a bug against dbconfig-common (please refer to this thread if you do). I
have the feeling that there may be some improvement possible in
dbconfig-common, but I don't see exactly what yet. Maybe all I need is a
good use case example (of things that aren't working without changing).

Paul

Template: dbconfig-common/pgsql/changeconf
Type: boolean
Default: false
#flag:translate!:3
# This template is currently unused
_Description: Change PostgreSQL configuration automatically?
 It has been determined that the database installation for ${pkg}
 cannot be automatically accomplished without making changes to
 the PostgreSQL server's access controls. It is suggested that this
 be done by dbconfig-common when the package is installed. If
 instead you would prefer to do it manually, the following line needs
 to be added to your pg_hba.conf:
 .
 ${pghbaline}

Template: dbconfig-common/pgsql/manualconf
Type: note
# This template is currently unused
_Description: Modifications needed in /etc/postgresql/pg_hba.conf
 To get the database for package ${pkg} bootstrapped you have
 to edit the configuration of the PostgreSQL server. You may be able to
 find help in the file /usr/share/doc/${pkg}/README.Debian.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20160611/aaad7da8/attachment.sig>