+ rule adduser postgres \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home /home/postgresql \
+ --shell /bin/false \
+ --system
+ rule adduser postgres-data \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home /home/postgresql/data \
+ --no-create-home \
+ --shell /bin/false \
+ --system
+ sudo usermod --home /home/postgresql postgres
+ sudo adduser postgres postgres-data
+ sudo rm -rf \
+ /etc/postgresql
+ sudo install -d -m 750 -o postgres -g postgres \
+ /home/postgresql \
+ /home/postgresql/etc \
+ /etc/postgresql \
+ /etc/postgresql/9.1 \
+ /etc/postgresql/9.1/main
+ sudo ln -fns \
+ /etc/postgresql \
+ /home/postgresql/etc/postgresql
+ sudo install -d -m 751 -o postgres -g postgres \
+ /home/postgresql/log \
+ /home/postgresql/log/9.1
+ sudo service tmpfs restart
+ if sudo test ! -d /home/postgresql/data
+ then
+ sudo install -d -m 750 -o postgres -g postgres \
+ /home/postgresql/data
+ (
+ cd /
+ sudo -u postgres pg_createcluster \
+ --datadir=/home/postgresql/data \
+ --logfile=/home/postgresql/log/9.1/main \
+ --socketdir=/run/postgresql/sock \
+ --start 9.1 main
+ )
+ fi
+ sudo install -m 770 -o postgres -g postgres /dev/stdin \
+ /etc/postgresql/9.1/main/pg_hba.conf <<-EOF
+ local all postgres peer
+ local all all peer
+ EOF
+ sudo install -m 660 -o postgres -g postgres \
+ "$tool"/etc/postgresql/9.1/main/postgresql.conf \
+ /etc/postgresql/9.1/main/postgresql.conf
+ sudo insserv -r postgresql
+ case $(sudo sv status postgres || true) in
+ (''|run:*|*"s, normally up;"*)
+ sudo sv restart postgres
+ (
+ cd /
+ case $(sudo inotifywait -e create -- /run/postgresql/sock/) in
+ ("/run/postgresql/sock/ CREATE .s.PGSQL."*)
+ # NOTE:
+ # - supprime l'accès au schéma public depuis public,
+ # de sorte à ce que les différents utilisateurices
+ # ne voient pas leurs bases de données entre-elleux ;
+ # - ajoute le support de PL/PGSQL
+ sudo -u postgres psql template1 -f - <<-EOF
+ REVOKE ALL ON DATABASE template1 FROM public;
+ REVOKE ALL ON SCHEMA public FROM public;
+ GRANT ALL ON SCHEMA public TO postgres;
+ CREATE LANGUAGE plpgsql;
+ EOF
+ # NOTE:
+ # - supprime l'accès à la liste des bases données
+ # et utilisateurices depuis public.
+ sudo -u postgres psql template1 -f - <<-EOF
+ REVOKE ALL ON pg_auth_members FROM public;
+ REVOKE ALL ON pg_authid FROM public;
+ REVOKE ALL ON pg_database FROM public;
+ REVOKE ALL ON pg_group FROM public;
+ REVOKE ALL ON pg_roles FROM public;
+ REVOKE ALL ON pg_settings FROM public;
+ REVOKE ALL ON pg_tablespace FROM public;
+ REVOKE ALL ON pg_user FROM public;
+ EOF
+ ;;
+ esac
+ )
+ ;;
+ esac
+ }
+rule_postgresql_db_add () { # SYNTAX: $db $db_user
+ local db="$1" db_user="$2"
+ sudo -u postgresql psql template1 -f - <<-EOF
+ CREATE ROLE $db NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN;
+ CREATE ROLE $db_user NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED;
+ GRANT $db TO $db_user;
+ CREATE DATABASE $db WITH OWNER=$db_user;
+ REVOKE ALL ON DATABASE $db FROM public;
+ EOF
+ }
+rule_postgresql_db_user_add () { # SYNTAX: $db $user
+ local db="$1" user="$2"
+ sudo -u postgresql psql template1 -f - <<-EOF
+ CREATE ROLE $user NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED;
+ GRANT USAGE ON SCHEMA public TO $user;
+ GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
+ GRANT $db TO $user;
+ EOF