Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql

To: ghen%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost, stefan%net-tex.de@localhost
Subject: Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql
From: Geert Hendrickx <ghen%NetBSD.org@localhost>
Date: Thu, 15 Dec 2005 21:24:06 +0000 (UTC)

The following reply was made to PR pkg/32204; it has been noted by GNATS.

From: Geert Hendrickx <ghen%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: wiz%NetBSD.org@localhost, reed%NetBSD.org@localhost
Subject: Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql
Date: Wed, 14 Dec 2005 10:32:46 +0100

 On Wed, Nov 30, 2005 at 22:41:00 +0000, Stefan Schumacher wrote:
 > >Description:
 > pkgsrc/sysutils/bacula installs skripts to setup the required PostgreSQL
 > database. Those skripts (/usr/pkg/libexec/bacula/*postgresql*) are owned
 > by root.wheel and can therefor not be executed by "pgsql".   
 > 
 > PostgreSQL doesn't allow "root" to execute postmaster, so the skripts
 > must be run by "pgsql". "pgsql" cannot access those skripts unless they
 > are chgrp'ed  to "pgsql". 

 % ls -l /usr/pkg/libexec/bacula/*postgresql*
 -rwxr-xr-x  1 root  wheel    282 Dec  2 15:01 
/usr/pkg/libexec/bacula/create_postgresql_database
 -rwxr-xr-x  1 root  wheel    210 Dec  2 15:01 
/usr/pkg/libexec/bacula/drop_postgresql_database
 -rwxr-xr-x  1 root  wheel    636 Dec  2 15:01 
/usr/pkg/libexec/bacula/drop_postgresql_tables
 -rwxr-xr-x  1 root  wheel   1742 Dec  2 15:01 
/usr/pkg/libexec/bacula/grant_postgresql_privileges
 -rwxr-xr-x  1 root  wheel  10403 Dec  2 15:01 
/usr/pkg/libexec/bacula/make_postgresql_tables
 -rwxr-xr-x  1 root  wheel   4255 Dec  2 15:01 
/usr/pkg/libexec/bacula/update_postgresql_tables

 As far as I can see, everyone is permitted to execute these scripts.

 Moreover, you don't have to run "postmaster", that's the PostgreSQL
 database server itself (normally started by the rc.d script which takes
 care of the correct permissions).  The scripts you refer to really invoke
 "psql", the PostgreSQL command line client.  psql can be used by any user,
 even from remote, if you set the PGUSER, PGHOST and PGPORT environment
 variables appriopriately.  (UNIX users and PostgreSQL users are completely
 independent concepts).  

 > This is a little bit tricky for sysadmins not that familiar with
 > PostgreSQL user concepts.

 You should have a basic understanding of PostgreSQL user concepts if you
 want to run a PostgreSQL server...  

 Let me know whether the above explanation solves your problem.  

        Geert

Prev by Date: Re: pkg/32151 (update net/arpwatch to 2.1a13)
Next by Date: pkg/32314: PKG squid: enabling AUFS in PKG_OPTIONS does not add aufs to storio definition
Previous by Thread: Re: pkg/32204: bacula's postgresql-skripts not owned by pgsql
Next by Thread: Re: pkg/32202
Indexes:

Home | Main Index | Thread Index | Old Index