authorJeremy Kerr <jk@ozlabs.org>2008-10-09 22:49:18 +1100
committerJeremy Kerr <jk@ozlabs.org>2008-10-09 22:49:18 +1100
commit4a039197705f92ee1c362401a7f7bb834ecc9079 (patch)
tree4d5ab43e19b9e0edb1c990a0baa92c4b63a1d79b
parent65404776f7f0e975737a5c8c69dc0b2ae5fe93da (diff)
[sql] use separate grant-all scripts for postgresql and mysql
MySQL doesn't support granting to multiple tables, and requires a different username format. Would be nice to code the permissions somewhere, then generate the grant statements as required. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
-rw-r--r--docs/INSTALL23
-rw-r--r--lib/sql/grant-all.mysql.sql35
-rw-r--r--lib/sql/grant-all.postgres.sql (renamed from lib/sql/grant-all.sql)0
3 files changed, 50 insertions, 8 deletions
diff --git a/docs/INSTALL b/docs/INSTALL
index 8f3aab9..05fea7c 100644
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -29,16 +29,21 @@ in brackets):
user that your mail server runs as). On Ubuntu these are
www-data and nobody, respectively.
- PostgreSQL:
- createdb patchwork
- createuser www-data
- createuser nobody
+ For PostgreSQL
- MySQL:
+ $ createdb patchwork
+ $ createuser www-data
+ $ createuser nobody
+
+ - postgres uses the standard UNIX authentication, so these users
+ will only be accessible for processes running as the same username.
+ This means that no passwords need to be set.
+
+ For MySQL:
$ mysql
> CREATE DATABASE 'patchwork';
- > INSERT INTO user (Host, User) VALUES ('localhost', 'www-data');
- > INSERT INTO user (Host, User) VALUES ('localhost', 'nobody');
+ > CREATE USER 'www-data'@'localhost' IDENTIFIED BY '<password>';
+ > CREATE USER 'nobody'@'localhost' IDENTIFIED BY '<password>';
2. Django setup
@@ -99,8 +104,10 @@ in brackets):
And add privileges for your mail and web users:
Postgresql:
- psql -f lib/sql/grant-all.sql patchwork
+ psql -f lib/sql/grant-all.postgres.sql patchwork
+ MySQL:
+ mysql patchwork < lib/sql/grant-all.mysql.sql
3. Apache setup
diff --git a/lib/sql/grant-all.mysql.sql b/lib/sql/grant-all.mysql.sql
new file mode 100644
index 0000000..4dd6efb
--- /dev/null
+++ b/lib/sql/grant-all.mysql.sql
@@ -0,0 +1,35 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_message TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userpersonconfirmation TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle_patches TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON registration_registrationprofile TO 'www-data'@localhost;
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
+GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
+GRANT SELECT ON patchwork_state TO 'nobody'@localhost;
+
+COMMIT;
+
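Review bot: The `BEGIN;`/`COMMIT;` pair around these statements does not make the script atomic on MySQL, because `GRANT` causes an implicit commit there; if one statement fails partway (for instance on a table that does not exist yet), the earlier grants stay applied. I would drop the wrapper or replace it with a header comment such as `-- GRANT is not transactional in MySQL; after an error, fix the cause and re-run the whole file`. The header should also state the preconditions: the table names are unqualified, so the `patchwork` database must be selected, and both accounts must already exist with passwords, e.g. `-- requires 'www-data'@localhost and 'nobody'@localhost to exist (see docs/INSTALL)`. That second precondition matters because older MySQL servers without the `NO_AUTO_CREATE_USER` SQL mode will create a missing account from a bare `GRANT`, with an empty password. The first comment block also has a typo, "Becuase".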
diff --git a/lib/sql/grant-all.sql b/lib/sql/grant-all.postgres.sql
index 72e1f31..72e1f31 100644
--- a/lib/sql/grant-all.sql
+++ b/lib/sql/grant-all.postgres.sql