Subject: Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql
To: None <ghen@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org,>
From: Geert Hendrickx <ghen@NetBSD.org>
List: pkgsrc-bugs
Date: 12/15/2005 09:05:02
The following reply was made to PR pkg/32204; it has been noted by GNATS.
From: Geert Hendrickx <ghen@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql
Date: Thu, 15 Dec 2005 10:01:45 +0100
On Wed, Nov 30, 2005 at 22:41:00 +0000, Stefan Schumacher wrote:
> >Description:
> pkgsrc/sysutils/bacula installs skripts to setup the required PostgreSQL
> database. Those skripts (/usr/pkg/libexec/bacula/*postgresql*) are owned
> by root.wheel and can therefor not be executed by "pgsql".
>
> PostgreSQL doesn't allow "root" to execute postmaster, so the skripts
> must be run by "pgsql". "pgsql" cannot access those skripts unless they
> are chgrp'ed to "pgsql".
% ls -l /usr/pkg/libexec/bacula/*postgresql*
-rwxr-xr-x 1 root wheel 282 Dec 2 15:01 /usr/pkg/libexec/bacula/create_postgresql_database
-rwxr-xr-x 1 root wheel 210 Dec 2 15:01 /usr/pkg/libexec/bacula/drop_postgresql_database
-rwxr-xr-x 1 root wheel 636 Dec 2 15:01 /usr/pkg/libexec/bacula/drop_postgresql_tables
-rwxr-xr-x 1 root wheel 1742 Dec 2 15:01 /usr/pkg/libexec/bacula/grant_postgresql_privileges
-rwxr-xr-x 1 root wheel 10403 Dec 2 15:01 /usr/pkg/libexec/bacula/make_postgresql_tables
-rwxr-xr-x 1 root wheel 4255 Dec 2 15:01 /usr/pkg/libexec/bacula/update_postgresql_tables
As far as I can see, everyone is permitted to execute these scripts.
Moreover, you don't have to run "postmaster", that's the PostgreSQL
database server itself (normally started by the rc.d script which takes
care of the correct permissions). The scripts you refer to really invoke
"psql", the PostgreSQL command line client. psql can be used by any user,
even from remote, if you set the PGUSER, PGHOST and PGPORT environment
variables appriopriately. (UNIX users and PostgreSQL users are completely
independent concepts).
> This is a little bit tricky for sysadmins not that familiar with
> PostgreSQL user concepts.
You should have a basic understanding of PostgreSQL user concepts if you
want to run a PostgreSQL server...
Let me know whether the above explanation solves your problem.
Geert