Difference between revisions of "Update-davical-database"

From Davical
Jump to navigationJump to search
m
m
Line 133: Line 133:
 
Options on the command-line will override any values set in the configuration file.
 
Options on the command-line will override any values set in the configuration file.
  
== Database Passwords ==
+
== Securing Database Passwords ==
Rather than providing a password in the configuration file or on the command-line it is recommended that you use a .pgpass file in your home directory to hold the database password.  This file must be mode 600 to work.
+
Rather than providing a password in the configuration file or on the command-line, where it could potentially be viewed by other users of your system, it is recommended that you use a .pgpass file in your home directory to hold the database password.  This file must be mode 600 to work.
  
 
A .pgpass file should contain lines of the following format:
 
A .pgpass file should contain lines of the following format:
Line 145: Line 145:
 
  secure.db.server.net:5433:davical_dba:3xtr3m31y 5ecr3t parswurd
 
  secure.db.server.net:5433:davical_dba:3xtr3m31y 5ecr3t parswurd
  
And, of course, it will be in your home directory.
+
And of course, as mentioned above, it must be in your home directory, mode 600.

Revision as of 23:56, 11 February 2008

Purpose

The update-rscds-database program exists to update the database schema, functions and fixed data when programming changes make it necessary to change the database structure.

Configuration

The update-rscds-database program will look for a configuration file called administration.yml which should be located in the same directory as your DAViCal configuration files - usually /etc/davical or /etc/rscds.

Configuration Settings

The database username for connecting with sufficient rights to create tables, functions and granting access to other users, e.g.:

admin_db_user: davical_dba

The password. Leading and trailling spaces are stripped, so don't do that. E.g.:

admin_db_pass: very, very 5ecret

The hostname/IP. Not needed if using unix sockets to a local server. Some examples would be:

admin_db_host: 2401:170:20:17::1024:0
admin_db_host: 172.17.217.2
admin_db_host: dbserver.davical.net

The database name, e.g.:

admin_db_name: davical

The database port. Not needed if it is the default '5432', e.g.:

admin_db_port: 5432

The name of the database user the web application uses to connect, e.g.:

app_db_user: davical_app

Example for 0.9.2 and prior

If you installed DAViCal at version 0.9.2 or earlier then the database is most likely called 'rscds' and the web application will connect to the database as the 'general' database user. A base administration.yml file would look like this:

##
## The database username for connecting with sufficient rights to create
## tables, functions and granting access to other users.
admin_db_user: postgres

##
## The password.  Leading and trailling spaces are stripped, so don't do that
#admin_db_pass: very, very 5ecret

##
## The hostname/IP.  Not needed if using unix sockets to a local server.
#admin_db_host: 2401:170:20:17::1024:0
#admin_db_host: 172.17.217.2
#admin_db_host: dbserver.davical.net

##
## The database name
admin_db_name: rscds

##
## The database port.  Not needed if it is the default '5432'
#admin_db_port: 5432

##
## The name of the database user the web application uses to connect
app_db_user: general

Example for 0.9.3 installations

If you installed DAViCal from version 0.9.3, the database will probably be named 'davical' and the web application will connect to the database as the 'general' database user. A base administration.yml file would look like this:

##
## The database username for connecting with sufficient rights to create
## tables, functions and granting access to other users.
admin_db_user: postgres

##
## The password.  Leading and trailling spaces are stripped, so don't do that
#admin_db_pass: very, very 5ecret

##
## The hostname/IP.  Not needed if using unix sockets to a local server.
#admin_db_host: 2401:170:20:17::1024:0
#admin_db_host: 172.17.217.2
#admin_db_host: dbserver.davical.net

##
## The database name
admin_db_name: davical

##
## The database port.  Not needed if it is the default '5432'
#admin_db_port: 5432

##
## The name of the database user the web application uses to connect
app_db_user: general

Example for post 0.9.4 installations

If you installed DAViCal from 0.9.4 or later, the defaults for update-rscds-database will usually be OK. A base administration.yml file would look like this:

##
## The database username for connecting with sufficient rights to create
## tables, functions and granting access to other users.
admin_db_user: davical_dba

##
## The password.  Leading and trailling spaces are stripped, so don't do that
#admin_db_pass: very, very 5ecret

##
## The hostname/IP.  Not needed if using unix sockets to a local server.
#admin_db_host: 2401:170:20:17::1024:0
#admin_db_host: 172.17.217.2
#admin_db_host: dbserver.davical.net

##
## The database name
admin_db_name: davical

##
## The database port.  Not needed if it is the default '5432'
#admin_db_port: 5432

##
## The name of the database user the web application uses to connect
app_db_user: davical_app


Command-line Options

update-rscds-database [options]

Options are:
   --debug           Turn on debugging
   --dbname  name    The database to dig into
   --dbuser  name    Connect to the database as this user.
   --dbport  5432    Connect to the database on this port.
   --dbhost  name    Connect to the database on this host.
   --appuser name    The username which the application uses for it's database
                     connection.
   --nopatch         Don't try and apply any patches
   --revoke  name    Revoke permissions from this user

The program will apply any patches to the database which have not yet been applied, run any desired data patch scripts and set the correct minimum permissions for the web application user.

Options on the command-line will override any values set in the configuration file.

Securing Database Passwords

Rather than providing a password in the configuration file or on the command-line, where it could potentially be viewed by other users of your system, it is recommended that you use a .pgpass file in your home directory to hold the database password. This file must be mode 600 to work.

A .pgpass file should contain lines of the following format:

hostname:port:database:username:password

So, for DAViCal typically this will be something like:

*:*:davical:davical_dba:very, very 5ecret
secure.db.server.net:5433:davical_dba:3xtr3m31y 5ecr3t parswurd

And of course, as mentioned above, it must be in your home directory, mode 600.