Commit 4a039197 authored by Jeremy Kerr

[sql] use separate grant-all scripts for postgresql and mysql



MySQL doesn't support granting to multiple tables, and requires a
different username format.

Would be nice to code the permissions somewhere, then generate the
grant statements as required.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
parent 65404776
......@@ -29,16 +29,21 @@ in brackets):
user that your mail server runs as). On Ubuntu these are
www-data and nobody, respectively.
PostgreSQL:
createdb patchwork
createuser www-data
createuser nobody
For PostgreSQL
MySQL:
$ createdb patchwork
$ createuser www-data
$ createuser nobody
- postgres uses the standard UNIX authentication, so these users
will only be accessible for processes running as the same username.
This means that no passwords need to be set.
For MySQL:
$ mysql
> CREATE DATABASE 'patchwork';
> INSERT INTO user (Host, User) VALUES ('localhost', 'www-data');
> INSERT INTO user (Host, User) VALUES ('localhost', 'nobody');
> CREATE USER 'www-data'@'localhost' IDENTIFIED BY '<password>';
> CREATE USER 'nobody'@'localhost' IDENTIFIED BY '<password>';
2. Django setup
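Review bot: The note under the PostgreSQL commands says that no passwords need to be set because postgres uses the standard UNIX authentication, but that only holds when local connections in pg_hba.conf use peer or ident authentication; on a host configured differently the statement is either wrong or hides that the accounts are more widely reachable than the text implies. Suggest naming the pg_hba.conf method the instructions assume. In the MySQL block, `CREATE DATABASE 'patchwork';` quotes the database name as a string literal, which MySQL rejects where an identifier is expected; use an unquoted name or backticks. The two `IDENTIFIED BY '<password>'` lines would also benefit from a sentence saying the web and mail accounts should get different passwords.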
......@@ -99,8 +104,10 @@ in brackets):
And add privileges for your mail and web users:
Postgresql:
psql -f lib/sql/grant-all.sql patchwork
psql -f lib/sql/grant-all.postgres.sql patchwork
MySQL:
mysql patchwork < lib/sql/grant-all.mysql.sql
3. Apache setup
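Review bot: The `mysql patchwork < lib/sql/grant-all.mysql.sql` step applies a script that hard-codes the account names (`TO 'www-data'@localhost`, `TO 'nobody'@localhost`), while step 1 only says those are the names on Ubuntu. Suggest adding a sentence telling the reader to edit the script to match their own web and mail users before running it, and to run it as a database account that is allowed to grant privileges. Minor style point: the heading here is "Postgresql:" while step 1 uses "PostgreSQL".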
......
BEGIN;
-- give necessary permissions to the web server. Becuase the admin is all
-- web-based, these need to be quite permissive
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_message TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON django_session TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON django_site TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON django_admin_log TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON django_content_type TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group_permissions TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_groups TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_group TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_user_user_permissions TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON auth_permission TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userpersonconfirmation TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_state TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_comment TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_person TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_userprofile_maintainer_projects TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_project TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_bundle_patches TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON patchwork_patch TO 'www-data'@localhost;
GRANT SELECT, UPDATE, INSERT, DELETE ON registration_registrationprofile TO 'www-data'@localhost;
-- allow the mail user (in this case, 'nobody') to add patches
GRANT INSERT, SELECT ON patchwork_patch TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_comment TO 'nobody'@localhost;
GRANT INSERT, SELECT ON patchwork_person TO 'nobody'@localhost;
GRANT SELECT ON patchwork_project TO 'nobody'@localhost;
GRANT SELECT ON patchwork_state TO 'nobody'@localhost;
COMMIT;
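Review bot: The `BEGIN;` and `COMMIT;` wrapper around the GRANT statements gives no atomicity on MySQL, because GRANT causes an implicit commit; if one statement fails partway through (for example on a table that does not exist yet), the earlier grants stay applied. Suggest dropping the wrapper or noting that the script has to be re-run after the error is fixed. The per-table list now lives in two scripts, so a table added to one and missed in the other leaves that backend with different privileges; the commit message already points at generating both from one source. The 'nobody' grants are limited to INSERT and SELECT, which fits the mail user's job. Typo in the first comment: "Becuase".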