On Mon, 2009-07-13 at 11:03 +0200, steve wrote:
Krishnakant wrote:
On Mon, 2009-07-13 at 13:53 +0530, Raj Mathur wrote:
On Monday 13 Jul 2009, Krishnakant wrote:
[snip] I have been trying to make a demon for gnukhata's server and want it to run as the postgres user.
Bad idea. Please let the install script create a separate system user for gnukhata and enable that user to create databases, etc. in PgSQL. Running as the postgres user is _strongly_ deprecated.
But this is what postgresql developres themselves are recommending. I personally know and even met of of the core developers of pg and he is also a consultent. He told me that the best thing to do is keep the postgres user as dedicated user which can access the database from only localhost.
I think you are confusing the role of the postgres user (which is responsible for running/managing the _postgres_ daemon) and a user that needs to use the DB.
I am assuming that in your case, the gunkhata daemon only needs to use the DB (ie: create, add, update ...etc the gnukhata database). So, in that respect, the gnukhata daemon would be a 'client' or a user in the postgres server.
yes that's the right asumtion.
However, to ensure that the gnukhata daemon which would have the ability to create databases on your postgres server, is isolated, you would ideally create a gnukhata user, like Raj Mathur suggested. Agreed.
Now the confusion is pritty clear to the developers I believe.
then you can have the xmlrpc server run on that same machine and so the remote clients just can't access the database directly, because the access is denyed.
This bit is correct, but it relates to the user that accesses the database.
So this means the dedicated user can be kept for local access same as the default postgres user.
This is fine and perfect. Now my next problem is, since I never created deb packages, need to know how I can automate this process of creating the db, creating the dedicated user and also setting a password if at all.
Right now I am managing to create a deb package which runs the setup.py (distutil ) for gnukhata. I altered the rules file for this. But now want to know how and where I put the code for creating the user and database?
happy hacking. Krishnakant.