[Tickets #8082] Re: pgsql create script fails

bugs at horde.org bugs at horde.org
Fri Mar 20 18:56:34 UTC 2009 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8082
------------------------------------------------------------------------------
  Ticket             | 8082
  Updated By         | karlnack at futurityinc.com
  Summary            | pgsql create script fails
  Queue              | Horde Base
  Version            | 3.3.3
  Type               | Bug
  State              | Assigned
  Priority           | 2. Medium
  Milestone          |
  Patch              | 1
  Owners             | Horde Developers
------------------------------------------------------------------------------


karlnack at futurityinc.com (2009-03-20 14:56) wrote:

>         Name        |  Owner   |          Access privileges
> --------------------+----------+--------------------------------
>  public             | postgres | {postgres=UC/postgres,=UC/postgres}

Ok, the default access privileges for public users are configured  
differently on our systems. The part "=UC/postgres" means public users  
can Use (i.e., select) and Create on the public schema (and these  
privileges have been granted by the user postgres). I've removed  
create privileges for public users in my database. That's why it's  
working for you and not for me.

By default, Postgres allows any account to login to any database and  
create objects on the public schema. I suppose it's possible someone  
may have gone a step further and configured their template database to  
prevent public users from logging in at all.

I imagine a foolproof version of the script would look something like this:

CREATE USER horde;
  -- ALTER USER horde WITH PASSWORD 'pass';
CREATE DATABASE horde OWNER horde;
\c horde horde;

Alternatively, if you don't want horde to own the database (I don't  
know the security implications one way or the other):

CREATE DATABASE horde;
CREATE USER horde;
  -- ALTER USER horde WITH PASSWORD 'pass';
GRANT CONNECT ON DATABASE horde TO horde;
\c horde
GRANT CREATE ON SCHEMA public TO horde;
SET ROLE horde;

I haven't test any of this, so you may want to play around and see  
how/if this works.

More information about the bugs mailing list