diff --git a/scripts/psql.sh b/scripts/psql.sh index 0b15689..64fa8d9 100644 --- a/scripts/psql.sh +++ b/scripts/psql.sh @@ -7,6 +7,11 @@ # Point of contact : Jean-Baptiste Holcroft #================================================= +# Create a master password and set up global settings +# Please always call this script in install and restore scripts +# +# usage: ynh_psql_test_if_first_run + ynh_psql_test_if_first_run() { if [ -f /etc/yunohost/psql ]; then @@ -27,8 +32,12 @@ ynh_psql_test_if_first_run() { fi systemctl start postgresql - su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres - # we can't use peer since YunoHost create users with nologin + sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres + + # force all user to connect to local database using passwords + # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF + # Note: we can't use peer since YunoHost create users with nologin + # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user sed -i '/local\s*all\s*all\s*peer/i \ local all all password' "$pg_hba" systemctl enable postgresql @@ -49,7 +58,7 @@ ynh_psql_connect_as() { user="$1" pwd="$2" db="$3" - su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres + sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db" } # # Execute a command as root user @@ -59,7 +68,7 @@ ynh_psql_connect_as() { # | arg: db - the database to connect to ynh_psql_execute_as_root () { sql="$1" - su --command="psql" postgres <<< "$sql" + sudo --login --user=postgres psql <<< "$sql" } # Execute a command from a file as root user @@ -70,7 +79,7 @@ ynh_psql_execute_as_root () { ynh_psql_execute_file_as_root() { file="$1" db="$2" - su -c "psql $db" postgres < "$file" + sudo --login --user=postgres psql "$db" < "$file" } # Create a database, an user and its password. Then store the password in the app's config 
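Review bot: The new `psql -c"ALTER user postgres WITH PASSWORD '$pgsql'"` call in ynh_psql_test_if_first_run still carries the master password in the argument list of both sudo and psql, where other local users can typically read it from the process table while the command runs. Sending the statement on stdin, as ynh_psql_execute_as_root already does, keeps it out of argv: `sudo --login --user=postgres psql postgres <<< "ALTER user postgres WITH PASSWORD '$pgsql'"`. The same exposure applies to `PGPASSWORD="$pwd"` on the sudo command line in ynh_psql_connect_as and to the `CREATE USER` call in ynh_psql_create_user. The function body starts and ends outside this hunk.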
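Review bot: `--login` in ynh_psql_connect_as, and in every other helper this commit converts, makes sudo hand the command to the postgres account's login shell through `-c`, so the arguments are parsed a second time. As far as I know, sudo backslash-escapes those arguments but leaves `$` untouched, so a database name or a `-c` statement containing `$` would be expanded by that shell instead of being passed literally. If the login shell is only there for the working directory or environment (an assumption, the diff does not say), a comment such as `# --login: run from postgres' home directory` would record that. Otherwise plain `sudo --user=postgres` runs the client directly with no re-parsing.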
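Review bot: ynh_psql_execute_as_root feeds `$sql` to psql on stdin without `ON_ERROR_STOP`, so psql carries on after a failed statement and still exits 0, and an install or restore script cannot tell that its SQL did not apply. Consider `sudo --login --user=postgres psql --set=ON_ERROR_STOP=1 <<< "$sql"`, with the same option in ynh_psql_execute_file_as_root in the next hunk. The header comment above this function also documents a `db` argument that the body never reads; either drop that line or pass the database through to psql.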
@@ -84,7 +93,6 @@ ynh_psql_execute_file_as_root() { # | arg: pwd - Password of the database. If not given, a password will be generated ynh_psql_setup_db () { db_user="$1" - app="$1" db_name="$2" new_db_pwd=$(ynh_string_random) # Generate a random password # If $3 is not given, use new_db_pwd instead for db_pwd. @@ -93,7 +101,7 @@ ynh_psql_setup_db () { ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config } -# Create a database and grant optionnaly privilegies to a user +# Create a database and grant privilegies to a user # # usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create @@ -104,7 +112,7 @@ ynh_psql_create_db() { user="$2" pwd="$3" ynh_psql_create_user "$user" "$pwd" - su --command="createdb --owner=\"${user}\" \"${db}\"" postgres + sudo --login --user=postgres createdb --owner="$user" "$db" } # Drop a database @@ -115,8 +123,8 @@ ynh_psql_create_db() { ynh_psql_remove_db() { db="$1" user="$2" - su --command="dropdb \"${db}\"" postgres - ynh_psql_drop_user "${user}" + sudo --login --user=postgres dropdb "$db" + ynh_psql_drop_user "$user" } # Dump a database @@ -128,7 +136,7 @@ ynh_psql_remove_db() { # | ret: the psqldump output ynh_psql_dump_db() { db="$1" - su --command="pg_dump \"${db}\"" postgres + sudo --login --user=postgres pg_dump "$db" } @@ -139,7 +147,7 @@ ynh_psql_dump_db() { ynh_psql_create_user() { user="$1" pwd="$2" - su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres } # Drop a user @@ -148,5 +156,5 @@ ynh_psql_create_user() { # | arg: user - the user name to drop ynh_psql_drop_user() { user="$1" - su --command="dropuser \"${user}\"" postgres -} + sudo --login --user=postgres dropuser "$user" +} \ No newline at end of file
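Review bot: ynh_psql_create_user splices `$user` and `$pwd` unescaped into a statement that runs as the postgres superuser. A single quote in a caller-supplied password therefore ends the string literal, and the rest is executed as SQL. ynh_psql_setup_db documents an optional password argument, which presumably reaches this function. Rejecting unexpected role names and doubling quotes before building the statement closes this, assuming standard_conforming_strings is on: `[[ "$user" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1` and `pwd=${pwd//\'/\'\'}`. Passing the statement on stdin instead of `-c` would also keep the password out of the process list.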