allow db users to login remotely

pull/10/head
Andrew Wang 1 year ago
parent ef3d130f78
commit 29305168c3
  1. 12
      README.md
  2. 16
      ceod/db/MySQLService.py
  3. 2
      ceod/db/PostgreSQLService.py

@ -49,7 +49,7 @@ ALTER USER postgres WITH PASSWORD 'postgres';
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO postgres;
```
create a new `pg_hba.conf` to force password authentication and reject non local
create a new `pg_hba.conf` to force password authentication
```
cd /etc/postgresql/<version>/<branch>/
mv pg_hba.conf pg_hba.conf.old
@ -58,12 +58,22 @@ mv pg_hba.conf pg_hba.conf.old
# new pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
local all postgres md5
host all postgres localhost md5
host all postgres 0.0.0.0/0 reject
host all postgres ::/0 reject
local sameuser all md5
host sameuser all 0.0.0.0/0 md5
host sameuser all ::/0 md5
```
```
# modified postgresql.conf
# listen_addresses = 'localhost'
listen_address = '*'
```
```
systemctl restart postgresql
```
users can login remotely but superusers (`postgres` and `mysql`) are only allowed to login from the database host
#### Mailman
You should create the following mailing lists from the mail container:

@ -40,10 +40,14 @@ class MySQLService:
password = gen_password()
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
search_for_db = f"SHOW DATABASES LIKE '{username}'"
create_user = f"CREATE USER '{username}'@'localhost' IDENTIFIED BY %(password)s"
create_user = f"""
CREATE USER '{username}'@'localhost' IDENTIFIED BY %(password)s;
CREATE USER '{username}'@'%' IDENTIFIED BY %(password)s;
"""
create_database = f"""
CREATE DATABASE {username};
GRANT ALL PRIVILEGES ON {username}.* TO '{username}'@'localhost';
GRANT ALL PRIVILEGES ON {username}.* TO '{username}'@'%';
"""
with self.mysql_connection() as con:
@ -59,7 +63,10 @@ class MySQLService:
def reset_db_passwd(self, username: str) -> str:
password = gen_password()
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
reset_password = f"ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s"
reset_password = f"""
ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s
ALTER USER '{username}'@'%' IDENTIFIED BY %(password)s
"""
with self.mysql_connection() as con:
with con.cursor() as cursor:
@ -70,8 +77,11 @@ class MySQLService:
return password
def delete_db(self, username: str):
drop_user = f"DROP USER IF EXISTS '{username}'@'localhost'"
drop_db = f"DROP DATABASE IF EXISTS {username}"
drop_user = f"""
DROP USER IF EXISTS '{username}'@'localhost';
DROP USER IF EXISTS '{username}'@'%';
"""
with self.mysql_connection() as con:
with con.cursor() as cursor:
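Review bot: The new `reset_password` string in `reset_db_passwd` puts two `ALTER USER` statements in one string with no `;` between them, unlike the `create_user` and `drop_user` strings in this same file section, so the server would likely reject it as a syntax error and password resets would fail. Terminate each statement, e.g. `ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s;`, or issue the two statements as separate `execute` calls. The `execute` calls sit outside the visible hunks, so it is worth confirming that the driver runs these multi-statement strings in full rather than only the first statement. Since the `'%'` accounts can log in from any host, the f-string interpolation of `username` into every statement deserves an explicit validation check (for example a strict character allow-list) if one does not already exist upstream.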

@ -71,8 +71,8 @@ class PostgreSQLService:
return password
def delete_db(self, username: str):
drop_user = f"DROP USER IF EXISTS {username}"
drop_db = f"DROP DATABASE IF EXISTS {username}"
drop_user = f"DROP USER IF EXISTS {username}"
with self.psql_connection() as con:
with con.cursor() as cursor:
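Review bot: Moving the `drop_user` assignment below `drop_db` in `delete_db` only reorders two independent string assignments; the order in which the statements run is decided by the `execute` calls, which are outside this hunk. If the intent is to drop the database before the role (PostgreSQL refuses to drop a role that still owns a database), the `cursor.execute` calls need the same reordering. `{username}` is also interpolated unquoted as an identifier here, so a comment such as `# username must already be validated as a safe identifier` would record that assumption.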
