From 82f353ce4e3c19f01fcf078b76ae613550673c75 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Fri, 15 Sep 2023 09:51:09 +0200
Subject: have dbconfig also set permissions
---
 contrib/taler-exchange-dbconfig | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
(limited to 'contrib/taler-exchange-dbconfig')
diff --git a/contrib/taler-exchange-dbconfig b/contrib/taler-exchange-dbconfig
index dc92abbd1..8fb05d738 100755
--- a/contrib/taler-exchange-dbconfig
+++ b/contrib/taler-exchange-dbconfig
@@ -21,13 +21,14 @@ set -eu
 RESET_DB=0
 SKIP_DBINIT=0
+FORCE_PERMS=0
 DBUSER="taler-exchange-httpd"
 DBGROUP="taler-exchange-db"
 DBNAME="exchange"
 CFGFILE="/etc/taler/secrets/exchange-db.secret.conf"
 # Parse command-line options
-while getopts ':g:hn:rsu:' OPTION; do
+while getopts ':g:hn:prsu:' OPTION; do
 case "$OPTION" in
 h)
 echo 'Supported options:'
@@ -36,6 +37,7 @@ while getopts ':g:hn:rsu:' OPTION; do
 echo " -h -- print this help text"
 echo " -n NAME -- user NAME for database name (default: $DBNAME)"
 echo " -r -- reset database (dangerous)"
+ echo " -p -- force permission setup even without database initialization"
 echo " -s -- skip database initialization"
 echo " -u USER -- taler-exchange to be run by USER (default: $DBUSER)"
 exit 0
@@ -43,6 +45,9 @@ while getopts ':g:hn:rsu:' OPTION; do
 n)
 DBNAME="$OPTARG"
 ;;
+ p)
+ FORCE_PERMS="1"
+ ;;
 r)
 RESET_DB="1"
 ;;
@@ -132,6 +137,24 @@ then
 sudo -u "$DBUSER" taler-exchange-dbinit
 fi
+if [ 0 = "$SKIP_DBINIT" ] || [ 1 = "$FORCE_PERMS" ]
+then
+ DB_GRP="$(getent group "$DBGROUP" | sed -e "s/.*://g" -e "s/,/ /g")"
+ echo "Initializing permissions for '$DB_GRP'." 1>&2
+ for GROUPIE in $DB_GRP
+ do
+ if [ "$GROUPIE" != "$DBUSER" ]
+ then
+ sudo -u "$DBUSER" \
+ echo -e 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' \
+ 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA exchange TO "'"$GROUPIE"'";\n' \
+ | psql taler-exchange
+ fi
+ done
+fi
+
+
+
 echo "Database configuration finished." 1>&2
 exit 0
-- cgit v1.2.3
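Review bot: In the added grant loop, `sudo -u "$DBUSER"` covers only the `echo`; the `psql taler-exchange` after the pipe runs as the invoking user and connects to a hard-coded database name rather than `$DBNAME`, so `-n NAME` appears to be ignored and the GRANTs may run under a different role than the one that ran `taler-exchange-dbinit`. Dropping the `sudo -u "$DBUSER" \` line in front of `echo` and ending the pipeline with `| sudo -u "$DBUSER" psql -v ON_ERROR_STOP=1 "$DBNAME"` would fix both, and would make a failed GRANT return non-zero so `set -eu` stops the script before it prints "Database configuration finished." Separately, `$GROUPIE` is spliced into a double-quoted SQL identifier unescaped, and a failing `getent` is masked by the exit status of `sed`, leaving `DB_GRP` empty and the loop silently skipped. I would add a comment above the loop such as `# group member names come from the local group database and are trusted; they must not contain '"'`, plus a check that `DB_GRP` is non-empty. Note also that `GRANT ... ON ALL TABLES` covers only tables that exist when it runs, so this step has to be re-run (with `-p`) after any schema upgrade that adds tables.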