Mercurial > gemma

comparison schema/install-db.sh @ 478:3af7ca761f6a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Purge password reset role The risk of SQL-injections and thus privilege escalation via the metamorphic user was estimated not high enough to justify the extra role. Thus, bring database back in line with rev. ffdb507d5b42 and re-enable password reset.
author Tom Gottfried <tom@intevation.de>
date Thu, 23 Aug 2018 16:41:44 +0200
parents 638371a0e557
children ad07846b09d1
comparison
equal deleted inserted replaced
477:00b52d653039 478:3af7ca761f6a
14 -d, --db=NAME create the database NAME. Default: "gemma" 14 -d, --db=NAME create the database NAME. Default: "gemma"
15 -p, --port=PORT connect do the postgresql cluster at PORT. 15 -p, --port=PORT connect do the postgresql cluster at PORT.
16 Default is the postgresql standard port 5432 16 Default is the postgresql standard port 5432
17 -D, --demo also install demo accounts and data 17 -D, --demo also install demo accounts and data
18 --adminpw set the password to use for the "sysadmin" account. 18 --adminpw set the password to use for the "sysadmin" account.
19 Default is a random password.
20 --servicepw set the password to use for the "gemma_service" account.
21 Default is a random password. 19 Default is a random password.
22 --metapw set the password to use for the "meta_login" account. 20 --metapw set the password to use for the "meta_login" account.
23 Default is a random password. 21 Default is a random password.
24 --drop drop database and all roles 22 --drop drop database and all roles
25 --help display this help and exit 23 --help display this help and exit
45 db=gemma 43 db=gemma
46 port=5432 44 port=5432
47 demo=0 45 demo=0
48 drop=0 46 drop=0
49 adminpw=`genpw 15` 47 adminpw=`genpw 15`
50 servicepw=`genpw 15`
51 metapw=`genpw 15` 48 metapw=`genpw 15`
52 49
53 # Parse options: 50 # Parse options:
54 51
55 OPTS=`getopt \ 52 OPTS=`getopt \
56 -l help,demo,db:,port:,drop,adminpw:,servicepw:,metapw: \ 53 -l help,demo,db:,port:,drop,adminpw:,metapw: \
57 -o Dd:p: -n "$ME" -- "$@"` 54 -o Dd:p: -n "$ME" -- "$@"`
58 [ $? -eq 0 ] || { usage ; exit 1 ; } 55 [ $? -eq 0 ] || { usage ; exit 1 ; }
59 56
60 eval set -- "$OPTS" 57 eval set -- "$OPTS"
61 58
69 port="$2" 66 port="$2"
70 shift 2 67 shift 2
71 ;; 68 ;;
72 --adminpw) 69 --adminpw)
73 adminpw="$2" 70 adminpw="$2"
74 shift 2
75 ;;
76 --servicepw)
77 servicepw="$2"
78 shift 2 71 shift 2
79 ;; 72 ;;
80 --metapw) 73 --metapw)
81 metapw="$2" 74 metapw="$2"
82 shift 2 75 shift 2
112 -f "$BASEDIR/manage_users.sql" \ 105 -f "$BASEDIR/manage_users.sql" \
113 -f "$BASEDIR/auth.sql" 106 -f "$BASEDIR/auth.sql"
114 107
115 # setup initial login roles with given passwords: 108 # setup initial login roles with given passwords:
116 psql -qt -p "$port" -d "$db" \ 109 psql -qt -p "$port" -d "$db" \
117 -v adminpw="$adminpw" -v servicepw="$servicepw" -v metapw="$metapw" \ 110 -v adminpw="$adminpw" -v metapw="$metapw" \
118 -f "$BASEDIR/std_login_roles.sql" 111 -f "$BASEDIR/std_login_roles.sql"
119 112
120 if [[ $demo -eq 1 ]] ; then 113 if [[ $demo -eq 1 ]] ; then
121 psql -qv ON_ERROR_STOP= -p "$port" \ 114 psql -qv ON_ERROR_STOP= -p "$port" \
122 -f "$BASEDIR/demo-data/responsibility_areas.sql" \ 115 -f "$BASEDIR/demo-data/responsibility_areas.sql" \
131 echo "Really drop database '$db' and all gemma roles? [type 'yes']: " 124 echo "Really drop database '$db' and all gemma roles? [type 'yes']: "
132 read a 125 read a
133 if [[ $a == "yes" ]] ; then 126 if [[ $a == "yes" ]] ; then
134 dropdb -p "$port" "$db" 127 dropdb -p "$port" "$db"
135 psql -p $port -A -t -c '\du' | awk -F '|' -v port=$port \ 128 psql -p $port -A -t -c '\du' | awk -F '|' -v port=$port \
136 '$1 "." $3 ~ /waterway_user|waterway_admin|sys_admin|pw_reset|metamorph/ \ 129 '$1 "." $3 ~ /waterway_user|waterway_admin|sys_admin|metamorph/ \
137 { system("dropuser -p " port " \"" $1 "\"") }' 130 { system("dropuser -p " port " \"" $1 "\"") }'
138 else 131 else
139 echo "No harm done." 132 echo "No harm done."
140 fi 133 fi
141 fi 134 fi