hi craig, On Tue, Sep 27, 2005 at 08:52:47AM +1000, Craig Small wrote: > On Mon, Sep 26, 2005 at 03:26:48AM -0400, sean finney wrote: > > it should only be attempting to chown if the app was configured to > > install via "ident sameuser", which currently is the default (because > > by default this is the only method that will work out of the box). of > > course, if there's no system user, that won't work either. > Why not login as postgres, get that user to add the tables then get > them to be owned by the other user? > ALTER TABLE blah OWNER TO newuser
unfortunately, this would require me to know what was in the contents
of every sql file used by dbconfig-common using packages, or to
otherwise divine what tables in a database were created by a package.
i really think connecting with the dbuser credentials is the right way,
and that the problem is dbconfig-common is not picking a good default
connecting method based on your settings.
so, i propose two things to address this:
- detect in the postinst if the named system doesn't exist, and if not
throw the following error in debconf:
"the user dbtestpgsql doesn't exist, so ident sameuser won't work.
would you like to abort, retry, or retry with different settings?"
- more generally, if the user does exist, detect whether postgres will
allow the connection (which will also work for other connection types)
by inspecting pg_hba.conf. and if it probably won't work:
"it looks like your postgres configuration will need to be modified to
allow connections for your package. this can be done for you, or if
you prefer to do it manually, here's the line to add:"
i'm working as we speak with the postgres maintainer, who is going to
provide the tools to inspect and modify the configuration, which will
make things kosher wrt policy.
> > it definitely shouldn't be doing that. the only time it should be
> > connecting to template one is when it is testing the connection or
> > creating the database user. i think there's some variable polution
> > going on somewhere, i'll look into that.
> Looking into it more, the database name is initially correct before the
> create user but becomes template1 after it. I'm guessing you have a
> missing local somewhere, but it was nowhere obvious.
yeah, that's what i'm guessing too. i'm still looking into it; i'll get
back to you if i find sometihng.
sean
signature.asc
Description: Digital signature
