Commit 83190899 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

bugfix in create_readonly_postgres_user: granting SELECT on pg_authid should...

bugfix in create_readonly_postgres_user: granting SELECT on pg_authid should be handled separately from readonly user creation
parent 7847a230
......@@ -308,11 +308,14 @@ function create_readonly_postgres_user() {
echo " +-- password: $RUSER_PW"
fi
# make sure the role exists and has the basic required privileges (and lacks the unneeded ones)
# make sure the role exists
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
CREATE ROLE $RUSER_NAME NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN NOREPLICATION PASSWORD '$RUSER_PW';
GRANT SELECT ON pg_authid TO $RUSER_NAME;" postgres \
|| { display_error "Error creating the $RUSER_NAME role and granting SELECT on pg_authid."; return 1; }
CREATE ROLE $RUSER_NAME NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN NOREPLICATION PASSWORD '$RUSER_PW';" postgres \
|| { display_error "Error creating the $RUSER_NAME role."; return 1; }
# make sure the role has the basic required privileges (and lacks the unneeded ones)
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "GRANT SELECT ON pg_authid TO $RUSER_NAME;" postgres \
|| { display_error "Error granting $RUSER_NAME role SELECT on pg_authid."; return 1; }
# get the list of roles
ROLES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -qt -c '\dg' postgres | grep '|' | cut -d '|' -f 1 | tr -d ' ' | egrep -v '^$' )" \
......@@ -604,4 +607,4 @@ function ssh_rsa_decrypt {
# decrypt from stdin to stdout
openssl pkeyutl -decrypt -inkey "$PRIVKEY"
}
export -f ssh_rsa_decrypt
\ No newline at end of file
export -f ssh_rsa_decrypt
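Review bot: In the first hunk the rewritten CREATE ROLE call still pastes `$RUSER_NAME` and `$RUSER_PW` unescaped into the SQL string, so a password containing a single quote (or a role name with SQL metacharacters) makes the statement fail or run something other than intended. Since psql does not expand its own `:'var'` variables inside `-c`, the smallest fix is to reject such values before the call, e.g. `[[ "$RUSER_NAME" =~ ^[A-Za-z_][A-Za-z0-9_]*$ && "$RUSER_PW" != *"'"* ]] || { display_error "Invalid role name or password for $RUSER_NAME."; return 1; }`. The now separate GRANT also deserves a comment of its own, because `pg_authid` holds the password hashes of every role: `# SELECT on pg_authid exposes all roles' password hashes (rolpassword) to this role`. The body of create_readonly_postgres_user starts and continues outside the hunk, so an earlier check may already cover the first point.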