modified livesupport-station installation to provide our own pg_hba.conf

2005-08-12 17:18:35 +00:00 · 2005-08-12 17:18:35 +00:00 · d2eb874fdd
commit d2eb874fdd
parent 3a08d452d9
4 changed files with 124 additions and 3 deletions
--- a/livesupport/bin/postInstallStation.sh
+++ b/livesupport/bin/postInstallStation.sh
@ -22,7 +22,7 @@
 #
 #
 #   Author   : $Author: fgerlits $
-#   Version  : $Revision: 1.4 $
+#   Version  : $Revision: 1.5 $
 #   Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/bin/postInstallStation.sh,v $
 #-------------------------------------------------------------------------------
 #-------------------------------------------------------------------------------
@ -286,6 +286,21 @@ fi
 rm -f $group_tmp_file;
 #-------------------------------------------------------------------------------
 #  Install the new pg_hba.conf file
 #-------------------------------------------------------------------------------
 echo "Modifying postgresql access permissions...";
 pg_config_dir=/etc/postgresql
 pg_config_file=pg_hba.conf
 pg_config_file_saved=pg_hba.conf.before-livesupport
 if [ -f $pg_config_dir/$pg_config_file ] ; then
    mf -f $pg_config_dir/$pg_config_file $pg_config_dir/$pg_config_file_saved ;
 fi
 cp $install_etc/$pg_config_file $pg_config_dir/$pg_config_file
 #-------------------------------------------------------------------------------
 #  Create the necessary database user and database itself
 #-------------------------------------------------------------------------------
--- a/livesupport/etc/Makefile.in
+++ b/livesupport/etc/Makefile.in
@ -20,8 +20,8 @@
 #   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 #
-#   Author   : $Author: tomas $
+#   Author   : $Author: fgerlits $
-#   Version  : $Revision: 1.17 $
+#   Version  : $Revision: 1.18 $
 #   Location : $Source: /home/paul/cvs2svn-livesupport/newcvsrepo/livesupport/etc/Makefile.in,v $
 #-------------------------------------------------------------------------------
@ -431,6 +431,7 @@ install: setup compile create_database install_modules install_products
 	${CP} ${ETC_DIR}/apache/*.conf ${USR_ETC_DIR}/apache
 	${MKDIR} ${USR_BIN_DIR}
 	${CP} ${BIN_DIR}/postInstallStation.sh ${USR_BIN_DIR}
 	${CP} ${ETC_DIR}/pg_hba.conf ${USR_ETC_DIR}
 create_database:
 ifeq (@CREATE_LS_DATABASE@,yes)
--- a/livesupport/etc/debian/rules
+++ b/livesupport/etc/debian/rules
@ -116,6 +116,7 @@ install-arch:
 	mv -f $(CURDIR)/debian/livesupport/opt/livesupport/var/cache \
              $(CURDIR)/debian/livesupport-station/opt/livesupport/var
 	mv -f $(CURDIR)/debian/livesupport/opt/livesupport/etc/apache \
 	      $(CURDIR)/debian/livesupport/opt/livesupport/etc/pg_hba.conf \
              $(CURDIR)/debian/livesupport-station/opt/livesupport/etc
 	# now separate the studio (client) files into debian/livesupport-studio
--- a/livesupport/etc/pg_hba.conf
+++ b/livesupport/etc/pg_hba.conf
@ -0,0 +1,104 @@
 # PostgreSQL Client Authentication Configuration File
 # ===================================================
 #
 # Refer to the PostgreSQL Administrator's Guide, chapter "Client
 # Authentication" for a complete description.  A short synopsis
 # follows.
 #
 # This file controls: which hosts are allowed to connect, how clients
 # are authenticated, which PostgreSQL user names they can use, which
 # databases they can access.  Records take one of seven forms:
 #
 # local      DATABASE  USER  METHOD  [OPTION]
 # host       DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
 # hostssl    DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
 # hostnossl  DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
 # host       DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
 # hostssl    DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
 # hostnossl  DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
 #
 # (The uppercase quantities should be replaced by actual values.)
 # The first field is the connection type: "local" is a Unix-domain socket,
 # "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
 # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
 # DATABASE can be "all", "sameuser", "samegroup", a database name (or
 # a comma-separated list thereof), or a file name prefixed with "@".
 # USER can be "all", an actual user name or a group name prefixed with
 # "+", an include file prefixed with "@" or a list containing either.
 # IP-ADDRESS and IP-MASK specify the set of hosts the record matches.
 # CIDR-MASK is an integer between 0 and 32 (IPv6) or 128(IPv6)
 # inclusive, that specifies the number of significant bits in the
 # mask, so an IPv4 CIDR-MASK of 8 is equivalent to an IP-MASK of
 # 255.0.0.0, and an IPv6 CIDR-MASK of 64 is equivalent to an IP-MASK
 # of ffff:ffff:ffff:ffff::. METHOD can be "trust", "reject", "md5",
 # "crypt", "password", "krb5", "ident", or "pam".  Note that
 # "password" uses clear-text passwords; "md5" is preferred for
 # encrypted passwords.  OPTION is the ident map or the name of the PAM
 # service.
 #
 # INCLUDE FILES:
 # If you use include files for users and/or databases (see PostgreSQL
 # documentation, section 19.1), these files must be placed in the
 # database directory. Usually this is /var/lib/postgres/data/, but
 # that can be changed in /etc/postgresql/postmaster.conf with the
 # POSTGRES_DATA variable. Putting them in /etc/postgresql/ will NOT
 # work since the configuration files are only symlinked from
 # POSTGRES_DATA.
 #
 # This file is read on server startup and when the postmaster receives
 # a SIGHUP signal.  If you edit the file on a running system, you have
 # to SIGHUP the postmaster for the changes to take effect, or use
 # "pg_ctl reload".
 #
 # Upstream default configuration
 #
 # The following configuration is the upstream default, which allows
 # unrestricted access to amy database by any user on the local machine.
 # 
 # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
 #
 #local   all         all                                             trust
 # IPv4-style local connections:
 #host    all         all         127.0.0.1         255.255.255.255   trust
 # IPv6-style local connections:
 #
 # Put your actual configuration here
 # ----------------------------------
 #
 # This default configuration allows any local user to connect as himself
 # without a password, either through a Unix socket or through TCP/IP; users
 # on other machines are denied access.
 #
 # If you want to allow non-local connections, you need to add more
 # "host" records before the final line that rejects all TCP/IP connections.
 # Also, remember TCP/IP connections are only enabled if you enable
 # "tcpip_socket" in /etc/postgresql/postgresql.conf.
 #
 # DO NOT DISABLE!
 # If you change this first entry you will need to make sure the postgres user
 # can access the database using some other method.  The postgres user needs
 # non-interactive access to all databases during automatic maintenance
 # (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
 # script).
 #
 # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
 # Database administrative login by UNIX sockets
 local   all         postgres                                        ident sameuser
 #
 # All other connections by UNIX sockets
 local   all         all                                             ident sameuser
 #
 # The following line was inserted by the livesupport-station package installer
 # the original pg_hba.conf file is saved under pg_hba.conf.before-livesupport
 host    all         all         127.0.0.1         255.255.255.255   password
 #
 # All IPv4 connections from localhost
 host    all         all         127.0.0.1         255.255.255.255   ident sameuser
 #
 # All IPv6 localhost connections
 host    all         all         ::1               ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        ident sameuser
 host    all         all         ::ffff:127.0.0.1/128                ident sameuser
 #
 # reject all other connection attempts
 host    all         all         0.0.0.0           0.0.0.0           reject