Re: Bug#21681: postgresql: Doesn't allow granting to www-data

To bring everything back to base here...In one of the posts CC'd to
me, somebody wondered how this mess got started, so let me recap...

On Debian, a webserver runs under the user www-data. I had created a
www-data user for PostgreSQL using createuser, so that CGI scripts
would be able to access the database (using ident authentication).
However, the newer Postgres releases default to not granting select to
public (wise), so it did not work on the first try. I looked into it,
and remembered -- Ah ha! -- that I needed to grant all (in this case)
to www-data. However, psql wouldn't parse my grant command due to the
hyphen in the www-data username. I had no problem creating the user
(although it appears now that the SQL way of creating the user may be
broken/strange). I also had no problem getting the CGI to connect to
the database once www-data was able to access the tables. (I was able
to use a temporary workaround of granting all to public on the
specific tables, since nobody else happens to have a user account with
this postgres installation).

The problem, then, was the GRANT command for me. I reported this
using Debian's bug-tracking system as per usual procedure, and Oliver
sent it on up to y'all as per usual procedure.

"Oliver Elphick" <olly(at)lfix(dot)co(dot)uk> writes:

> However there is, as you say in another mail, no convenient way of
> doing that automatically. We need an environment variable or a
> command-line option to specify the user and (optionally) password.

ident will work fine for the CGI. It is just that I need to be able
to grant access to the ident'd user :-)

And finally, I hope you excuse this paragraph in the Debian logs
Oliver... :-)

FYI, while the -hackers are getting CCd anyway, I ought to mention
here how amazingly cool I think Postgres is. At work, I am currently
writing a multiplatform Perl/Tk application using DBI::Pg as the
database driver, and Postgres running on BSDi. (One of my jobs is at
an ISP, where BSDi is in heavy use.) Besides being free (yay! it's a
smallish ISP), it also is the only one that runs natively on BSDi
(this is the BIG win), excepting the mSQLs of the world that we would
rather ignore :-) Another person there is investigating moving all of
the billing information over from flatfile ASCII databases to a
Postgres database, and I will be working with moving usage accounting
software from flatfile databases to Postgres, as well as my current
call tracking project. Nobody has officially said that we will stick
with Postgres, but I think it is likely. Good job guys! (At home, I
do the relatively simple task of indexing my videotape collection with
a couple of tables with no more than 700 rows each, compared with
15000/table with 10 tables at work <g>)

--
John Goerzen Linux, Unix programming jgoerzen(at)complete(dot)org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
``You'll notice that this scanner, Bill [Gates]...'' <Blue Screen of Death>
``Whoa!'' <Applause> ``Moving right along....'' -- Microsoft (Comdex
video at: http://cnn.com/TECH/computing/9804/20/gates.comdex/index.html