case $(sudo sv status mysql || true) in
(''|run:*|*"s, normally up;"*)
rule runit_sv_restart mysql
- while case $(sudo inotifywait -e create -- /run/mysqld/sock/) in
- ("/run/mysqld/sock/ CREATE mysql") false;;
- (*) true;;
- esac
- do true; done
(
cd /
+ while ! sudo -u mysql mysql -u mysql </dev/null
+ do sleep 0.3; done
# NOTE:
# - ajoute l'accès par socket Unix à mysql
# - ajoute les droits de super-utilisateur à mysql
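Review bot: The added readiness loop `while ! sudo -u mysql mysql -u mysql </dev/null` / `do sleep 0.3; done` has no upper bound, so it spins forever if the server never accepts the connection. It also cannot tell "not started yet" from a permanent failure, such as the socket login being refused or sudo denying the command. The `psql` loop added in the postgres branch has the same problem. I would cap the retries and leave the subshell with an error when the cap is reached, e.g. `n=0; while ! sudo -u mysql mysql -u mysql </dev/null; do n=$((n+1)); [ "$n" -lt 100 ] || exit 1; sleep 0.3; done`. The subshell and the enclosing function close outside this hunk, so whether that non-zero status reaches the caller needs checking there.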
case $(sudo sv status postgres || true) in
(''|run:*|*"s, normally up;"*)
rule runit_sv_restart postgres
- while case $(sudo inotifywait -e create -- /run/postgresql/) in
- ("/run/postgresql/ CREATE .s.PGSQL.5432") false;;
- (*) true;;
- esac
- do true; done
(
cd /
+ while ! sudo -u postgres psql </dev/null
+ do sleep 0.3; done
# NOTE: supprime l'accès au schéma public depuis public,
# de sorte à ce que les différents utilisateurices
# ne voient pas leurs bases de données entre-elleux ;
- #sudo -u postgres psql template1 -a -f - <<-EOF
- # \set ON_ERROR_STOP on
- # REVOKE ALL ON DATABASE template1 FROM public;
- # REVOKE ALL ON SCHEMA public FROM public;
- # GRANT ALL ON SCHEMA public TO postgres;
- # EOF
+ sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ REVOKE ALL ON DATABASE template1 FROM public;
+ REVOKE ALL ON SCHEMA public FROM public;
+ GRANT ALL ON SCHEMA public TO postgres;
+ EOF
# NOTE: ajoute le support de PL/PGSQL s'il ne l'est pas déjà.
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
EOF
# NOTE: supprime l'accès à la liste des bases données
# et utilisateurices depuis public.
- #sudo -u postgres psql template1 -a -f - <<-EOF
- # \set ON_ERROR_STOP on
- # REVOKE ALL ON pg_auth_members FROM public;
- # REVOKE ALL ON pg_authid FROM public;
- # REVOKE ALL ON pg_database FROM public;
- # REVOKE ALL ON pg_group FROM public;
- # REVOKE ALL ON pg_roles FROM public;
- # REVOKE ALL ON pg_settings FROM public;
- # REVOKE ALL ON pg_tablespace FROM public;
- # REVOKE ALL ON pg_user FROM public;
- # EOF
+ sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ REVOKE ALL ON pg_auth_members FROM public;
+ REVOKE ALL ON pg_authid FROM public;
+ REVOKE ALL ON pg_database FROM public;
+ REVOKE ALL ON pg_group FROM public;
+ REVOKE ALL ON pg_roles FROM public;
+ REVOKE ALL ON pg_settings FROM public;
+ REVOKE ALL ON pg_tablespace FROM public;
+ REVOKE ALL ON pg_user FROM public;
+ EOF
)
;;
esac
}
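Review bot: The now-enabled catalog block (`REVOKE ALL ON pg_database FROM public;` and its siblings) runs only in `template1`, and catalog privileges are stored per database. It therefore covers `template1` and databases cloned from it afterwards, but not databases that already exist or that are created from `template0`. Revoking `pg_database`, `pg_roles` and `pg_settings` from public can also break client tooling that reads them (psql's `\l`, some drivers and admin tools), while `pg_authid` is already unreadable by ordinary roles by default. I would state both limits in a comment above that heredoc, e.g. `# NOTE: applies to template1 and later clones only; clients that read pg_database/pg_roles/pg_settings as a normal role will fail`. If the isolation is meant to hold for databases that already exist, the same REVOKEs need to be run in each of them.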
-rule_postgresql_db_add () { # SYNTAX: $db $db_user
- local db="$1" db_user="$2"
+rule_postgresql_db_add () { # SYNTAX: $db $owner
+ local db="$1"
+ local owner="${2:-$db}"
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
DO LANGUAGE plpgsql \$\$
BEGIN
IF NOT EXISTS (
SELECT *
- FROM pg_catalog.pg_roles
- WHERE rolname = '${db}_role'
+ FROM pg_catalog.pg_user
+ WHERE usename = '$owner'
LIMIT 1
) THEN
- CREATE ROLE ${db}_role
- NOCREATEDB
- NOCREATEROLE
- NOINHERIT
- NOLOGIN
- NOSUPERUSER;
- END IF;
- IF NOT EXISTS (
- SELECT *
- FROM pg_catalog.pg_user
- WHERE usename = '$db_user'
- LIMIT 1
- ) THEN
- CREATE ROLE $db_user
+ CREATE ROLE $owner
LOGIN
NOCREATEDB
NOCREATEROLE
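Review bot: `$owner` and `$db` are expanded by the shell straight into SQL text here, as a string literal in `WHERE usename = '$owner'` and as a bare identifier in `CREATE ROLE $owner`. A name containing a quote, a space, a hyphen or upper-case letters therefore either fails or changes the statement that runs as the `postgres` superuser. The same pattern recurs in `CREATE DATABASE $db WITH OWNER=$owner;`, in `GRANT ALL ON SCHEMA public TO $owner WITH GRANT OPTION;`, and in `rule_postgresql_db_user_add` with `$user` and `$db`. psql does not substitute `:var` inside a dollar-quoted `DO` body, so the simplest guard is to reject anything but a plain identifier before the first heredoc, e.g. `for n in "$db" "$owner"; do case $n in (''|*[!a-z0-9_]*) echo "invalid name: $n" >&2; return 1;; esac; done`. The function body continues past the end of this hunk.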
(*)
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- CREATE DATABASE $db WITH OWNER=$db_user;
+ CREATE DATABASE $db WITH OWNER=$owner;
EOF
;;
esac
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- GRANT ${db}_role TO $db_user;
- ALTER USER $db SET search_path to $db;
REVOKE ALL ON DATABASE $db FROM public;
EOF
+ sudo -u postgres psql "$db" -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ GRANT ALL ON SCHEMA public TO $owner WITH GRANT OPTION;
+ EOF
}
rule_postgresql_db_user_add () { # SYNTAX: $db $user
local db="$1" user="$2"
- sudo -u postgres psql template1 -a -f - <<-EOF
+ sudo -u postgres psql "$db" -a -f - <<-EOF
\set ON_ERROR_STOP on
DO LANGUAGE plpgsql \$\$
BEGIN
\$\$;
GRANT USAGE ON SCHEMA public TO $user;
GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
- GRANT $db TO $user;
EOF
}
rule_openerp_configure () {