[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: common database policy/infrastracture

hi karsten,

On Mon, Dec 20, 2004 at 11:02:00AM +0100, Karsten Hilbert wrote:
> but we'll deal with that easily. Our current code is intended
> to a) accept an existing database, b) accept not needing to
> create the database user that will own the GnuMed database, c)
> try to continue working in case we cannot become root and/or
> postgres in order to do a) or b) -- which isn't necessary
> if a) and b) are done by dbconfig-common already.

cool, then we're probably okay.

> > On Fri, Dec 17, 2004 at 11:47:00AM +0100, Karsten Hilbert wrote:
> > are these actual mysql/pgsql database users,
> Yes.
> > or users stored inside the gnumed database?
> No.

well dbconfig-common can handle the creation of one user already, it'd
probably be simplest to create that user, and use it to dole out other
users+privileges.  that may mean that you'd have to do something in your
bootstrap script to grant any extra privileges that the user would need
to do so.

> If dbconfig-common creates gm-dbowner (which is a database
> owner intended to own all GnuMed database objects and which has
> create-db and create-user rights) that would be enough. We
> would then just rely on that and create "our" users/groups
> under that account. dbconfig-common would just need to make
> sure the "gnumed" database is created such that it is owned by
> gm-dbowner.

i don't think the user is by default granted create user and create
db rights, at least in mysql.  i'm really out of my area of expertise
with pgsql, so it may be different there.  in mysql, at least, that
would be of some concern to me as a sysadmin/dba that one of my database
applications could potentially have full administrative access to
all the databases on my system.



Attachment: signature.asc
Description: Digital signature

Reply to: