Skip site navigation (1) Skip section navigation (2)

Re: Bug#21681: postgresql: Doesn't allow granting to www-data

From: John Goerzen <jgoerzen(at)complete(dot)org>
To: "Oliver Elphick" <olly(at)lfix(dot)co(dot)uk>
Cc: pgsql-hackers(at)postgresql(dot)org, 21681-done(at)bugs(dot)debian(dot)org
Subject: Re: Bug#21681: postgresql: Doesn't allow granting to www-data
Date: 1998-04-29 05:13:52
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
To bring everything back to base here...In one of the posts CC'd to
me, somebody wondered how this mess got started, so let me recap...

On Debian, a webserver runs under the user www-data.  I had created a
www-data user for PostgreSQL using createuser, so that CGI scripts
would be able to access the database (using ident authentication).
However, the newer Postgres releases default to not granting select to 
public (wise), so it did not work on the first try.  I looked into it, 
and remembered -- Ah ha! -- that I needed to grant all (in this case)
to www-data.  However, psql wouldn't parse my grant command due to the 
hyphen in the www-data username.  I had no problem creating the user
(although it appears now that the SQL way of creating the user may be
broken/strange).  I also had no problem getting the CGI to connect to
the database once www-data was able to access the tables.  (I was able 
to use a temporary workaround of granting all to public on the
specific tables, since nobody else happens to have a user account with 
this postgres installation).

The problem, then, was the GRANT command for me.  I reported this
using Debian's bug-tracking system as per usual procedure, and Oliver
sent it on up to y'all as per usual procedure.

"Oliver Elphick" <olly(at)lfix(dot)co(dot)uk> writes:

> However there is, as you say in another mail, no convenient way of
> doing that automatically.  We need an environment variable or a
> command-line option to specify the user and (optionally) password.

ident will work fine for the CGI.  It is just that I need to be able
to grant access to the ident'd user :-)

And finally, I hope you excuse this paragraph in the Debian logs
Oliver... :-)

FYI, while the -hackers are getting CCd anyway, I ought to mention
here how amazingly cool I think Postgres is.  At work, I am currently
writing a multiplatform Perl/Tk application using DBI::Pg as the
database driver, and Postgres running on BSDi.  (One of my jobs is at
an ISP, where BSDi is in heavy use.)  Besides being free (yay!  it's a 
smallish ISP), it also is the only one that runs natively on BSDi
(this is the BIG win), excepting the mSQLs of the world that we would
rather ignore :-)  Another person there is investigating moving all of 
the billing information over from flatfile ASCII databases to a
Postgres database, and I will be working with moving usage accounting
software from flatfile databases to Postgres, as well as my current
call tracking project.  Nobody has officially said that we will stick
with Postgres, but I think it is likely.  Good job guys!  (At home, I
do the relatively simple task of indexing my videotape collection with 
a couple of tables with no more than 700 rows each, compared with
15000/table with 10 tables at work <g>)

John Goerzen        Linux, Unix programming           jgoerzen(at)complete(dot)org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) |
``You'll notice that this scanner, Bill [Gates]...''  <Blue Screen of Death>
``Whoa!''  <Applause>   ``Moving right along....''  -- Microsoft (Comdex
      video at:

In response to

pgsql-hackers by date

Next:From: David GouldDate: 1998-04-29 05:32:33
Subject: Re: [HACKERS] Revised proposal for libpq and FE/BE protocol changes
Previous:From: Bruce MomjianDate: 1998-04-29 03:56:21
Subject: Re: [HACKERS] Re: Bug#21681: postgresql: Doesn't allow granting to

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group