Database/Users

From DAViCal Wiki

Jump to: navigation, search

For security reasons it is good practice to have different database users for:

  • administration of the database schema and static lookup tables
  • application connectivity to the database

Since 0.9.3 of DAViCal the database creation script sets these up by default as:

  • davical_dba
  • davical_app

in prior versions a user called general was given the privileges which were subsequently given to the app_davical user.

From 0.9.4 the davical_app user is assigned the correct privileges and should be used to connect to the database.

The database upgrade program (dba/update-rscds-database) can be used to apply appropriate permissions to a new app_davical user on older installations if you wish. This might be desirable for forward compatibity, since future instructions are likely to use this username (as davical has become the default database name). 

createuser davical_app   (respond 'no' to all the questions)
edit /etc/postgresql/8.1/main/pg_hba.conf  (or wherever it is) and set permissions for the new user
update-rscds-database --dbname rscds --appuser davical_app --nopatch --revoke general

The first command will create a new database user (on non-Debian systems you may have to issue a CREATE USER ... command in psql). The second one will apply the minimum set of permissions to that user. Once you have done this you will still need to edit the config file and change: 

$c->pg_connect[] = ...user=general ...

to: 

$c->pg_connect[] = ...user=davical_app ...
Retrieved from "http://wiki.davical.org/w/Database/Users"
Personal tools