allow db users to login remotely
parent
ef3d130f78
commit
29305168c3
12
README.md
12
README.md
|
@ -49,7 +49,7 @@ ALTER USER postgres WITH PASSWORD 'postgres';
|
||||||
REVOKE ALL ON SCHEMA public FROM public;
|
REVOKE ALL ON SCHEMA public FROM public;
|
||||||
GRANT ALL ON SCHEMA public TO postgres;
|
GRANT ALL ON SCHEMA public TO postgres;
|
||||||
```
|
```
|
||||||
create a new `pg_hba.conf` to force password authentication and reject non local
|
create a new `pg_hba.conf` to force password authentication
|
||||||
```
|
```
|
||||||
cd /etc/postgresql/<version>/<branch>/
|
cd /etc/postgresql/<version>/<branch>/
|
||||||
mv pg_hba.conf pg_hba.conf.old
|
mv pg_hba.conf pg_hba.conf.old
|
||||||
|
@ -58,12 +58,22 @@ mv pg_hba.conf pg_hba.conf.old
|
||||||
# new pg_hba.conf
|
# new pg_hba.conf
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
# TYPE DATABASE USER ADDRESS METHOD
|
||||||
local all postgres md5
|
local all postgres md5
|
||||||
|
host all postgres localhost md5
|
||||||
|
host all postgres 0.0.0.0/0 reject
|
||||||
|
host all postgres ::/0 reject
|
||||||
local sameuser all md5
|
local sameuser all md5
|
||||||
host sameuser all 0.0.0.0/0 md5
|
host sameuser all 0.0.0.0/0 md5
|
||||||
|
host sameuser all ::/0 md5
|
||||||
|
```
|
||||||
|
```
|
||||||
|
# modified postgresql.conf
|
||||||
|
# listen_addresses = 'localhost'
|
||||||
|
listen_address = '*'
|
||||||
```
|
```
|
||||||
```
|
```
|
||||||
systemctl restart postgresql
|
systemctl restart postgresql
|
||||||
```
|
```
|
||||||
|
users can login remotely but superusers (`postgres` and `mysql`) are only allowed to login from the database host
|
||||||
|
|
||||||
#### Mailman
|
#### Mailman
|
||||||
You should create the following mailing lists from the mail container:
|
You should create the following mailing lists from the mail container:
|
||||||
|
|
|
@ -40,10 +40,14 @@ class MySQLService:
|
||||||
password = gen_password()
|
password = gen_password()
|
||||||
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
|
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
|
||||||
search_for_db = f"SHOW DATABASES LIKE '{username}'"
|
search_for_db = f"SHOW DATABASES LIKE '{username}'"
|
||||||
create_user = f"CREATE USER '{username}'@'localhost' IDENTIFIED BY %(password)s"
|
create_user = f"""
|
||||||
|
CREATE USER '{username}'@'localhost' IDENTIFIED BY %(password)s;
|
||||||
|
CREATE USER '{username}'@'%' IDENTIFIED BY %(password)s;
|
||||||
|
"""
|
||||||
create_database = f"""
|
create_database = f"""
|
||||||
CREATE DATABASE {username};
|
CREATE DATABASE {username};
|
||||||
GRANT ALL PRIVILEGES ON {username}.* TO '{username}'@'localhost';
|
GRANT ALL PRIVILEGES ON {username}.* TO '{username}'@'localhost';
|
||||||
|
GRANT ALL PRIVILEGES ON {username}.* TO '{username}'@'%';
|
||||||
"""
|
"""
|
||||||
|
|
||||||
with self.mysql_connection() as con:
|
with self.mysql_connection() as con:
|
||||||
|
@ -59,7 +63,10 @@ class MySQLService:
|
||||||
def reset_db_passwd(self, username: str) -> str:
|
def reset_db_passwd(self, username: str) -> str:
|
||||||
password = gen_password()
|
password = gen_password()
|
||||||
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
|
search_for_user = f"SELECT user FROM mysql.user WHERE user='{username}'"
|
||||||
reset_password = f"ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s"
|
reset_password = f"""
|
||||||
|
ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s
|
||||||
|
ALTER USER '{username}'@'%' IDENTIFIED BY %(password)s
|
||||||
|
"""
|
||||||
|
|
||||||
with self.mysql_connection() as con:
|
with self.mysql_connection() as con:
|
||||||
with con.cursor() as cursor:
|
with con.cursor() as cursor:
|
||||||
|
@ -70,8 +77,11 @@ class MySQLService:
|
||||||
return password
|
return password
|
||||||
|
|
||||||
def delete_db(self, username: str):
|
def delete_db(self, username: str):
|
||||||
drop_user = f"DROP USER IF EXISTS '{username}'@'localhost'"
|
|
||||||
drop_db = f"DROP DATABASE IF EXISTS {username}"
|
drop_db = f"DROP DATABASE IF EXISTS {username}"
|
||||||
|
drop_user = f"""
|
||||||
|
DROP USER IF EXISTS '{username}'@'localhost';
|
||||||
|
DROP USER IF EXISTS '{username}'@'%';
|
||||||
|
"""
|
||||||
|
|
||||||
with self.mysql_connection() as con:
|
with self.mysql_connection() as con:
|
||||||
with con.cursor() as cursor:
|
with con.cursor() as cursor:
|
||||||
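Review bot: The new `'{username}'@'%'` lines in create_user and reset_password put a literal `%` into statements that also carry the `%(password)s` placeholder, so a driver that applies Python %-formatting when parameters are passed (PyMySQL and mysqlclient do) will fail on `%'`; write the host as `'{username}'@'%%'` in those two strings. In reset_password the two `ALTER USER` statements also lack the `;` that create_user and drop_user have, which is a syntax error as written; a single `ALTER USER '{username}'@'localhost' IDENTIFIED BY %(password)s, '{username}'@'%%' IDENTIFIED BY %(password)s` would not depend on multi-statement execution. Because these accounts now accept connections from any host, the direct f-string interpolation of `username` into every statement matters more: unless it is validated outside these hunks, check it against a strict allow-list pattern before building the SQL. The execute calls sit outside the visible hunks, so how the strings are actually run is not confirmed here.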
|
|
|
@ -71,8 +71,8 @@ class PostgreSQLService:
|
||||||
return password
|
return password
|
||||||
|
|
||||||
def delete_db(self, username: str):
|
def delete_db(self, username: str):
|
||||||
drop_user = f"DROP USER IF EXISTS {username}"
|
|
||||||
drop_db = f"DROP DATABASE IF EXISTS {username}"
|
drop_db = f"DROP DATABASE IF EXISTS {username}"
|
||||||
|
drop_user = f"DROP USER IF EXISTS {username}"
|
||||||
|
|
||||||
with self.psql_connection() as con:
|
with self.psql_connection() as con:
|
||||||
with con.cursor() as cursor:
|
with con.cursor() as cursor:
|
||||||
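Review bot: Swapping the two assignments in delete_db does not by itself change the order in which the statements run, and PostgreSQL refuses to drop a role that still owns a database, so the execute calls (outside this hunk) need to run drop_db before drop_user. `{username}` is also interpolated as a bare identifier in both statements; now that the README opens these accounts to remote logins, confirm it is validated before this point, or compose it with the driver's identifier-quoting helper (`psycopg2.sql.Identifier`, if the driver is psycopg2, which the hunk does not show). A short comment such as `# drop the database first: the role cannot be dropped while it owns one` would keep the ordering from being undone later.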
|
|