- # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting
-rule apt_get_install postgresql-9.1
+# DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting
+
+#rule apt_get_install postgresql-9.1
rule insserv_remove postgresql
rule adduser postgres \
--disabled-login \
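Review bot: Commenting out `rule apt_get_install postgresql-9.1` means nothing visible in this script still guarantees that `/etc/postgresql/9.1/main/` exists before the later `sudo install ... /dev/stdin` steps write into it. `install` without `-D` does not create the parent directory, so on a host without the package those steps would fail. If the package is now installed elsewhere, replace the commented-out rule with a comment that says so, for example `# postgresql-9.1 is installed by <PLACEHOLDER: provisioning step>; this script only configures it`. If the change was a temporary debugging aid, restore the rule.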
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/pg_ident.conf <<-EOF
# MAPNAME SYSTEM-USERNAME PG-USERNAME
+ admin postgres postgres
+ admin root postgres
EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/start.conf <<-EOF
EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/pg_hba.conf <<-EOF
- local all postgres peer
+ local all postgres peer map=admin
local all all peer
EOF
sudo install -m 640 -o postgres -g postgres-data \
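Review bot: The new `map=admin` on the `local all postgres peer` line, together with the `admin root postgres` entry in pg_ident.conf, lets the OS `root` account connect locally as the PostgreSQL superuser, and neither generated file documents that. Root can normally reach that role through `sudo -u postgres` anyway, so no new boundary is crossed, but every future line added to the `admin` map is a superuser grant and should be recognisable as one. I would add a comment under the `# MAPNAME SYSTEM-USERNAME PG-USERNAME` header, such as `# admin: OS accounts allowed to connect as the postgres superuser (pg_hba.conf map=admin)`. The `local all all peer` line has no map, so other roles still require an identically named OS user.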
install -m 755 -o root -g root \
-t /home/postgresql/bin/ {} +
-sudo sv -w 1 start /etc/sv/postgres
+sudo ln -fns \
+ ../sv/"$sv" \
+ /etc/service/"$sv"
+rule _runit_sv_start "$sv"
while ! sudo -u postgres psql </dev/null
do sleep 1; done
+
# NOTE: supprime l'accès au schéma public depuis public,
# de sorte à ce que les différents utilisateurices
# ne voient pas leurs bases de données entre-elleux ;
# et utilisateurices depuis public.
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- REVOKE ALL ON pg_auth_members FROM public;
- REVOKE ALL ON pg_authid FROM public;
- REVOKE ALL ON pg_database FROM public;
- REVOKE ALL ON pg_group FROM public;
- REVOKE ALL ON pg_roles FROM public;
- REVOKE ALL ON pg_settings FROM public;
- REVOKE ALL ON pg_tablespace FROM public;
- REVOKE ALL ON pg_user FROM public;
+ REVOKE ALL ON ALL TABLES IN SCHEMA pg_catalog FROM public;
+ REVOKE ALL ON SCHEMA pg_catalog FROM public;
+ -- REVOKE ALL ON pg_auth_members FROM public;
+ -- REVOKE ALL ON pg_authid FROM public;
+ -- REVOKE ALL ON pg_database FROM public;
+ -- REVOKE ALL ON pg_group FROM public;
+ -- REVOKE ALL ON pg_roles FROM public;
+ -- REVOKE ALL ON pg_settings FROM public;
+ -- REVOKE ALL ON pg_tablespace FROM public;
+ -- REVOKE ALL ON pg_user FROM public;
EOF
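Review bot: The two new statements `REVOKE ALL ON ALL TABLES IN SCHEMA pg_catalog FROM public;` and `REVOKE ALL ON SCHEMA pg_catalog FROM public;` go much further than the eight catalogs previously listed. They are likely to break explicit catalog queries for every non-superuser role, including psql's `\d` commands and driver or ORM introspection that reads `pg_catalog.pg_class` or `pg_type`. Test this with an ordinary tenant role before relying on it. The block runs only against `template1`, so databases that already exist, or that are created from `template0`, keep the default grants. The commented-out `-- REVOKE` lines are dead history and could be replaced by one comment stating the intent and scope, e.g. `-- tenants get no direct catalog access; applies to databases created from template1 after this point`. Separately, `$sv` is assigned outside this hunk, and writing `"${sv:?}"` in the `ln` arguments would abort the script rather than create a stray link under `/etc/service/` if it is ever empty.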