Commit c0d4d547 authored by Peter Eisentraut's avatar Peter Eisentraut

Make the world somewhat safe for (not from) DELETE FROM pg_shadow;

Assign the fixed user id 1 to the user created by initdb.
A stand-alone backend will always set the user id to 1.
(Consequently, the name of that user is no longer important.)

In stand-alone mode, the user id 1 will have implicit superuser
status, to allow repairs even if there are no users defined.

Print a warning message when starting in stand-alone mode when no
users are defined.

Disallow dropping the current user and session user.

Granting/revoking superuser status also grants/revokes usecatupd.
(Previously, it would never grant it back.  This could lead to "deadlocks".)

CREATE USER and CREATE GROUP will start allocating user ids at 100
(unless explicitly specified), to prevent accidental creation of a
superuser (plus some room for future extensions).
parent fdbf796f
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/initdb.sgml,v 1.16 2001/09/03 12:57:50 petere Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/initdb.sgml,v 1.17 2001/09/08 15:24:00 petere Exp $
Postgres documentation Postgres documentation
--> -->
...@@ -9,7 +9,7 @@ Postgres documentation ...@@ -9,7 +9,7 @@ Postgres documentation
</docinfo> </docinfo>
<refmeta> <refmeta>
<refentrytitle id="APP-INITDB-TITLE"><application>initdb</application></refentrytitle> <refentrytitle id="APP-INITDB-TITLE">initdb</refentrytitle>
<manvolnum>1</manvolnum> <manvolnum>1</manvolnum>
<refmiscinfo>Application</refmiscinfo> <refmiscinfo>Application</refmiscinfo>
</refmeta> </refmeta>
...@@ -25,12 +25,12 @@ Postgres documentation ...@@ -25,12 +25,12 @@ Postgres documentation
<group choice="plain"> <group choice="plain">
<arg>--pgdata </arg> <arg>--pgdata </arg>
<arg>-D </arg> <arg>-D </arg>
<replaceable>dbdir</replaceable> <replaceable>directory</replaceable>
</group> </group>
<group> <group>
<arg>--sysid </arg> <arg>--username </arg>
<arg>-i </arg> <arg>-U </arg>
<replaceable>sysid</replaceable> <replaceable>username</replaceable>
</group> </group>
<group><arg>--pwprompt</arg><arg>-W</arg></group> <group><arg>--pwprompt</arg><arg>-W</arg></group>
<group> <group>
...@@ -49,11 +49,12 @@ Postgres documentation ...@@ -49,11 +49,12 @@ Postgres documentation
Description Description
</title> </title>
<para> <para>
<application>initdb</application> creates a new <command>initdb</command> creates a new
<productname>Postgres</productname> database cluster or system. A <productname>PostgreSQL</productname> database cluster (or database
database cluster is a collection of databases that are managed by a system). A database cluster is a collection of databases that are
single postmaster. managed by a single server instance.
</para> </para>
<para> <para>
Creating a database system consists of creating the directories in which Creating a database system consists of creating the directories in which
the database data will live, generating the shared catalog tables the database data will live, generating the shared catalog tables
...@@ -66,26 +67,23 @@ Postgres documentation ...@@ -66,26 +67,23 @@ Postgres documentation
</para> </para>
<para> <para>
You must not execute <application>initdb</application> as root; it must <command>initdb</command> must be run as the user that will own the
be run by the Unix user account that will run the database server. server process, because the server needs to have access to the
This is because you cannot run the database server as root either, but the files and directories that <command>initdb</command> creates.
server needs to have access to the files <application>initdb</application> Since the server may not be run as root, you must not run
creates. Furthermore, during the initialization phase, when there are no <command>initdb</command> as root either. (It will in fact refuse
users and no access controls installed, <productname>Postgres</productname> to do so.)
will only connect with
the name of the current Unix user, so you must log in under the account
that will own the server process.
</para> </para>
<para> <para>
Although <application>initdb</application> will attempt to create the Although <command>initdb</command> will attempt to create the
specified data directory, often it won't have permission to do so, specified data directory, often it won't have permission to do so,
since the parent of the desired data directory is often a root-owned since the parent of the desired data directory is often a root-owned
directory. To set up an arrangement like this, create an empty data directory. To set up an arrangement like this, create an empty data
directory as root, then use <application>chown</application> to hand over directory as root, then use <command>chown</command> to hand over
ownership of that directory to the database user account, then ownership of that directory to the database user account, then
<application>su</application> to become the database user, and <command>su</command> to become the database user, and
finally run <application>initdb</application> as the database user. finally run <command>initdb</command> as the database user.
</para> </para>
<refsect2> <refsect2>
...@@ -94,31 +92,32 @@ Postgres documentation ...@@ -94,31 +92,32 @@ Postgres documentation
<para> <para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>--pgdata=<replaceable class="parameter">dbdir</replaceable></term> <term>--pgdata=<replaceable class="parameter">directory</replaceable></term>
<term>-D <replaceable class="parameter">dbdir</replaceable></term> <term>-D <replaceable class="parameter">directory</replaceable></term>
<listitem> <listitem>
<para> <para>
This option specifies where in the file system the database This option specifies the directory where the database system
should be stored. This is the only information required by should be stored. This is the only information required by
<application>initdb</application>, but you can avoid writing it by <command>initdb</command>, but you can avoid writing it by
setting the <envar>PGDATA</envar> environment variable, which setting the <envar>PGDATA</envar> environment variable, which
can be convenient since the database server can be convenient since the database server
(<filename>postmaster</filename>) can find the database (<command>postmaster</command>) can find the database
directory later by the same variable. directory later by the same variable.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>--sysid=<replaceable class="parameter">sysid</replaceable></term> <term>--username=<replaceable class="parameter">username</replaceable></term>
<term>-i <replaceable class="parameter">sysid</replaceable></term> <term>-U <replaceable class="parameter">username</replaceable></term>
<listitem> <listitem>
<para> <para>
Selects the system id of the database superuser. This defaults Selects the user name of the database superuser. This defaults
to the effective user id of the user running to the name of the effective user running
<application>initdb</application>. It is really not important <command>initdb</command>. It is really not important what the
what the superuser's sysid is, but one might choose to start superuser's name is, but one might choose to keep the
the numbering at some number like 1. customary name <quote>postgres</quote>, even if the operating
system user's name is different.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
...@@ -128,7 +127,7 @@ Postgres documentation ...@@ -128,7 +127,7 @@ Postgres documentation
<term>-W</term> <term>-W</term>
<listitem> <listitem>
<para> <para>
Makes <application>initdb</application> prompt for a password Makes <command>initdb</command> prompt for a password
to give the database superuser. If you don't plan on using password to give the database superuser. If you don't plan on using password
authentication, this is not important. Otherwise you won't be authentication, this is not important. Otherwise you won't be
able to use password authentication until you have a password able to use password authentication until you have a password
...@@ -162,7 +161,7 @@ Postgres documentation ...@@ -162,7 +161,7 @@ Postgres documentation
<term>-L <replaceable class="parameter">directory</replaceable></term> <term>-L <replaceable class="parameter">directory</replaceable></term>
<listitem> <listitem>
<para> <para>
Specifies where <application>initdb</application> should find Specifies where <command>initdb</command> should find
its input files to initialize the database system. This is its input files to initialize the database system. This is
normally not necessary. You will be told if you need to normally not necessary. You will be told if you need to
specify their location explicitly. specify their location explicitly.
...@@ -175,7 +174,7 @@ Postgres documentation ...@@ -175,7 +174,7 @@ Postgres documentation
<term>-n</term> <term>-n</term>
<listitem> <listitem>
<para> <para>
By default, when <application>initdb</application> By default, when <command>initdb</command>
determines that an error prevented it from completely creating the database determines that an error prevented it from completely creating the database
system, it removes any files it may have created before discovering system, it removes any files it may have created before discovering
that it can't finish the job. This option inhibits tidying-up and is that it can't finish the job. This option inhibits tidying-up and is
...@@ -191,7 +190,7 @@ Postgres documentation ...@@ -191,7 +190,7 @@ Postgres documentation
<para> <para>
Print debugging output from the bootstrap backend and a few other Print debugging output from the bootstrap backend and a few other
messages of lesser interest for the general public. messages of lesser interest for the general public.
The bootstrap backend is the program <application>initdb</application> The bootstrap backend is the program <command>initdb</command>
uses to create the catalog tables. This option generates a tremendous uses to create the catalog tables. This option generates a tremendous
amount of extremely boring output. amount of extremely boring output.
</para> </para>
...@@ -205,11 +204,30 @@ Postgres documentation ...@@ -205,11 +204,30 @@ Postgres documentation
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>See also</title> <title>Environment</title>
<variablelist>
<varlistentry>
<term><envar>PGDATA</envar></term>
<listitem>
<para>
Specifies the directory where the database system is to be
stored; may be overridden using the <option>-D</option> option.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<simpara> <simplelist type="inline">
<citetitle>PostgreSQL Administrator's Guide</citetitle> <member><xref linkend="app-postgres"></member>
</simpara> <member><xref linkend="app-postmaster"></member>
<member><citetitle>PostgreSQL Administrator's Guide</citetitle></member>
</simplelist>
</refsect1> </refsect1>
</refentry> </refentry>
......
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/postgres-ref.sgml,v 1.18 2001/09/03 12:57:50 petere Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/postgres-ref.sgml,v 1.19 2001/09/08 15:24:00 petere Exp $
Postgres documentation Postgres documentation
--> -->
...@@ -35,7 +35,7 @@ Postgres documentation ...@@ -35,7 +35,7 @@ Postgres documentation
<arg>-i</arg> <arg>-i</arg>
<arg>-L</arg> <arg>-L</arg>
<arg>-N</arg> <arg>-N</arg>
<arg>-o <replaceable>file-name</replaceable></arg> <arg>-o <replaceable>filename</replaceable></arg>
<arg>-O</arg> <arg>-O</arg>
<arg>-P</arg> <arg>-P</arg>
<group> <group>
...@@ -58,7 +58,7 @@ Postgres documentation ...@@ -58,7 +58,7 @@ Postgres documentation
<arg>-F</arg> <arg>-F</arg>
<arg>-i</arg> <arg>-i</arg>
<arg>-L</arg> <arg>-L</arg>
<arg>-o <replaceable>file-name</replaceable></arg> <arg>-o <replaceable>filename</replaceable></arg>
<arg>-O</arg> <arg>-O</arg>
<arg>-p <replaceable>database</replaceable></arg> <arg>-p <replaceable>database</replaceable></arg>
<arg>-P</arg> <arg>-P</arg>
...@@ -103,9 +103,12 @@ Postgres documentation ...@@ -103,9 +103,12 @@ Postgres documentation
</para> </para>
<para> <para>
When running a stand-alone backend the session user name will When running a stand-alone backend, the session user will be set to
automatically be set to the current effective Unix user name. If the user with id 1. This user does not actually have to exist, so
that user does not exist the server will not start. a stand-alone backend can be used to manually recover from certain
kinds of accidental damage to the system catalogs. Implicit
superuser powers are granted to the user with id 1 in stand-alone
mode.
</para> </para>
<refsect2> <refsect2>
...@@ -157,14 +160,14 @@ Postgres documentation ...@@ -157,14 +160,14 @@ Postgres documentation
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>-o <replaceable class="parameter">file-name</replaceable></term> <term>-o <replaceable class="parameter">filename</replaceable></term>
<listitem> <listitem>
<para> <para>
Sends all debugging and error output to Sends all debugging and error output to
<replaceable class="parameter">OutputFile</replaceable>. <replaceable class="parameter">filename</replaceable>.
If the backend is running under the <application>postmaster</application>, If the backend is running under the <application>postmaster</application>,
error messages are still sent to the frontend process as well as to error messages are still sent to the frontend process as well as to
<replaceable class="parameter">OutputFile</replaceable>, <replaceable class="parameter">filename</replaceable>,
but debugging output is sent to the controlling tty of the but debugging output is sent to the controlling tty of the
<application>postmaster</application> <application>postmaster</application>
(since only one file descriptor can be sent to an actual file). (since only one file descriptor can be sent to an actual file).
...@@ -359,7 +362,7 @@ Postgres documentation ...@@ -359,7 +362,7 @@ Postgres documentation
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>See also</title> <title>See Also</title>
<para> <para>
<xref linkend="app-initdb">, <xref linkend="app-initdb">,
......
...@@ -34,12 +34,13 @@ CREATE USER <replaceable>name</replaceable> ...@@ -34,12 +34,13 @@ CREATE USER <replaceable>name</replaceable>
<para> <para>
In order to bootstrap the database system, a freshly initialized In order to bootstrap the database system, a freshly initialized
system always contains one predefined user. This user will have system always contains one predefined user. This user will have the
the same name as the operating system user that initialized the fixed id 1, and by default (unless altered when running
area (and is presumably being used as the user that runs the <command>initdb</command>) it will have the same name as the
server). Thus, often an initial user <quote>postgres</quote> operating system user that initialized the area (and is presumably
exists. In order to create more users you have to first connect as being used as the user that runs the server). Customarily, this user
this initial user. will be called <quote>postgres</quote>. In order to create more
users you have to first connect as this initial user.
</para> </para>
<para> <para>
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
# #
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.23 2001/08/26 16:55:59 tgl Exp $ # $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.24 2001/09/08 15:24:00 petere Exp $
# #
# NOTES # NOTES
# non-essential whitespace is removed from the generated file. # non-essential whitespace is removed from the generated file.
...@@ -183,6 +183,7 @@ sed -e "s/;[ ]*$//g" \ ...@@ -183,6 +183,7 @@ sed -e "s/;[ ]*$//g" \
-e "s/[ ]TransactionId/ xid/g" \ -e "s/[ ]TransactionId/ xid/g" \
-e "s/^TransactionId/xid/g" \ -e "s/^TransactionId/xid/g" \
-e "s/(TransactionId/(xid/g" \ -e "s/(TransactionId/(xid/g" \
-e "s/PGUID/1/g" \
-e "s/NAMEDATALEN/$NAMEDATALEN/g" \ -e "s/NAMEDATALEN/$NAMEDATALEN/g" \
-e "s/DEFAULT_ATTSTATTARGET/$DEFAULTATTSTATTARGET/g" \ -e "s/DEFAULT_ATTSTATTARGET/$DEFAULTATTSTATTARGET/g" \
-e "s/INDEX_MAX_KEYS\*2/$INDEXMAXKEYS2/g" \ -e "s/INDEX_MAX_KEYS\*2/$INDEXMAXKEYS2/g" \
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.83 2001/09/08 15:24:00 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -198,7 +198,7 @@ CreateUser(CreateUserStmt *stmt) ...@@ -198,7 +198,7 @@ CreateUser(CreateUserStmt *stmt)
bool user_exists = false, bool user_exists = false,
sysid_exists = false, sysid_exists = false,
havesysid = false; havesysid = false;
int max_id = -1; int max_id;
List *item, *option; List *item, *option;
char *password = NULL; /* PostgreSQL user password */ char *password = NULL; /* PostgreSQL user password */
bool encrypt_password = Password_encryption; /* encrypt password? */ bool encrypt_password = Password_encryption; /* encrypt password? */
...@@ -268,6 +268,8 @@ CreateUser(CreateUserStmt *stmt) ...@@ -268,6 +268,8 @@ CreateUser(CreateUserStmt *stmt)
if (dsysid) if (dsysid)
{ {
sysid = intVal(dsysid->arg); sysid = intVal(dsysid->arg);
if (sysid <= 0)
elog(ERROR, "user id must be positive");
havesysid = true; havesysid = true;
} }
if (dvalidUntil) if (dvalidUntil)
...@@ -294,6 +296,7 @@ CreateUser(CreateUserStmt *stmt) ...@@ -294,6 +296,7 @@ CreateUser(CreateUserStmt *stmt)
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel); pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, NULL); scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, NULL);
max_id = 99; /* start auto-assigned ids at 100 */
while (!user_exists && !sysid_exists && while (!user_exists && !sysid_exists &&
HeapTupleIsValid(tuple = heap_getnext(scan, 0))) HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
{ {
...@@ -550,31 +553,31 @@ AlterUser(AlterUserStmt *stmt) ...@@ -550,31 +553,31 @@ AlterUser(AlterUserStmt *stmt)
new_record[Anum_pg_shadow_usetrace - 1] = heap_getattr(tuple, Anum_pg_shadow_usetrace, pg_shadow_dsc, &null); new_record[Anum_pg_shadow_usetrace - 1] = heap_getattr(tuple, Anum_pg_shadow_usetrace, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usetrace - 1] = null ? 'n' : ' '; new_record_nulls[Anum_pg_shadow_usetrace - 1] = null ? 'n' : ' ';
/* createuser (superuser) */ /*
* createuser (superuser) and catupd
*
* XXX It's rather unclear how to handle catupd. It's probably
* best to keep it equal to the superuser status, otherwise you
* could end up with a situation where no existing superuser can
* alter the catalogs, including pg_shadow!
*/
if (createuser < 0) if (createuser < 0)
{ {
/* don't change */ /* don't change */
new_record[Anum_pg_shadow_usesuper - 1] = heap_getattr(tuple, Anum_pg_shadow_usesuper, pg_shadow_dsc, &null); new_record[Anum_pg_shadow_usesuper - 1] = heap_getattr(tuple, Anum_pg_shadow_usesuper, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usesuper - 1] = null ? 'n' : ' '; new_record_nulls[Anum_pg_shadow_usesuper - 1] = null ? 'n' : ' ';
new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' ';
} }
else else
{ {
new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser > 0); new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser > 0);
new_record_nulls[Anum_pg_shadow_usesuper - 1] = ' '; new_record_nulls[Anum_pg_shadow_usesuper - 1] = ' ';
}
/* catupd - set to false if someone's superuser priv is being yanked */ new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser > 0);
if (createuser == 0)
{
new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(false);
new_record_nulls[Anum_pg_shadow_usecatupd - 1] = ' '; new_record_nulls[Anum_pg_shadow_usecatupd - 1] = ' ';
} }
else
{
/* leave alone */
new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' ';
}
/* password */ /* password */
if (password) if (password)
...@@ -692,6 +695,11 @@ DropUser(DropUserStmt *stmt) ...@@ -692,6 +695,11 @@ DropUser(DropUserStmt *stmt)
usesysid = DatumGetInt32(heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null)); usesysid = DatumGetInt32(heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null));
if (usesysid == GetUserId())
elog(ERROR, "current user cannot be dropped");
if (usesysid == GetSessionUserId())
elog(ERROR, "session user cannot be dropped");
/* /*
* Check if user still owns a database. If so, error out. * Check if user still owns a database. If so, error out.
* *
...@@ -825,7 +833,7 @@ CreateGroup(CreateGroupStmt *stmt) ...@@ -825,7 +833,7 @@ CreateGroup(CreateGroupStmt *stmt)
bool group_exists = false, bool group_exists = false,
sysid_exists = false, sysid_exists = false,
havesysid = false; havesysid = false;
int max_id = 0; int max_id;
Datum new_record[Natts_pg_group]; Datum new_record[Natts_pg_group];
char new_record_nulls[Natts_pg_group]; char new_record_nulls[Natts_pg_group];
List *item, List *item,
...@@ -859,6 +867,8 @@ CreateGroup(CreateGroupStmt *stmt) ...@@ -859,6 +867,8 @@ CreateGroup(CreateGroupStmt *stmt)
if (dsysid) if (dsysid)
{ {
sysid = intVal(dsysid->arg); sysid = intVal(dsysid->arg);
if (sysid <= 0)
elog(ERROR, "group id must be positive");
havesysid = true; havesysid = true;
} }
...@@ -875,6 +885,7 @@ CreateGroup(CreateGroupStmt *stmt) ...@@ -875,6 +885,7 @@ CreateGroup(CreateGroupStmt *stmt)
pg_group_dsc = RelationGetDescr(pg_group_rel); pg_group_dsc = RelationGetDescr(pg_group_rel);
scan = heap_beginscan(pg_group_rel, false, SnapshotNow, 0, NULL); scan = heap_beginscan(pg_group_rel, false, SnapshotNow, 0, NULL);
max_id = 99; /* start auto-assigned ids at 100 */
while (!group_exists && !sysid_exists && while (!group_exists && !sysid_exists &&
HeapTupleIsValid(tuple = heap_getnext(scan, false))) HeapTupleIsValid(tuple = heap_getnext(scan, false)))
{ {
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.76 2001/08/15 07:07:40 ishii Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.77 2001/09/08 15:24:00 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -476,6 +476,20 @@ InitializeSessionUserId(const char *username) ...@@ -476,6 +476,20 @@ InitializeSessionUserId(const char *username)
} }
void
InitializeSessionUserIdStandalone(void)
{
/* This function should only be called in a single-user backend. */
AssertState(!IsUnderPostmaster);
/* call only once */
AssertState(!OidIsValid(SessionUserId));
SetSessionUserId(BOOTSTRAP_USESYSID);
AuthenticatedUserIsSuperuser = true;
}
/* /*
* Change session auth ID while running * Change session auth ID while running
*/ */
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.90 2001/09/07 00:27:29 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.91 2001/09/08 15:24:00 petere Exp $
* *
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
#include "access/heapam.h" #include "access/heapam.h"
#include "catalog/catname.h" #include "catalog/catname.h"
#include "catalog/pg_database.h" #include "catalog/pg_database.h"
#include "catalog/pg_shadow.h"
#include "commands/trigger.h" #include "commands/trigger.h"
#include "commands/variable.h" /* for set_default_client_encoding() */ #include "commands/variable.h" /* for set_default_client_encoding() */
#include "mb/pg_wchar.h" #include "mb/pg_wchar.h"
...@@ -43,6 +44,7 @@ ...@@ -43,6 +44,7 @@
static void ReverifyMyDatabase(const char *name); static void ReverifyMyDatabase(const char *name);
static void InitCommunication(void); static void InitCommunication(void);
static void ShutdownPostgres(void); static void ShutdownPostgres(void);
static bool ThereIsAtLeastOneUser(void);
int lockingOff = 0; /* backend -L switch */ int lockingOff = 0; /* backend -L switch */
...@@ -329,12 +331,24 @@ InitPostgres(const char *dbname, const char *username) ...@@ -329,12 +331,24 @@ InitPostgres(const char *dbname, const char *username)
LockDisable(true); LockDisable(true);
/* /*
* Figure out our postgres user id. If bootstrapping, we can't * Figure out our postgres user id. In standalone mode we use a
* assume that pg_shadow exists yet, so fake it. * fixed id, otherwise we figure it out from the authenticated
* user name.
*/ */
if (bootstrap) if (bootstrap)
SetSessionUserId(geteuid()); InitializeSessionUserIdStandalone();
else if (!IsUnderPostmaster)
{
InitializeSessionUserIdStandalone();
if (!ThereIsAtLeastOneUser())
{
elog(NOTICE, "There are currently no users defined in this database system.");
elog(NOTICE, "You should immediately run 'CREATE USER \"%s\" WITH SYSID %d CREATEUSER;'.",
username, BOOTSTRAP_USESYSID);
}
}
else else
/* normal multiuser case */
InitializeSessionUserId(username); InitializeSessionUserId(username);
/* /*
...@@ -406,3 +420,28 @@ ShutdownPostgres(void) ...@@ -406,3 +420,28 @@ ShutdownPostgres(void)
*/ */
smgrDoPendingDeletes(false);/* delete as though aborting xact */ smgrDoPendingDeletes(false);/* delete as though aborting xact */
} }
/*
* Returns true if at least one user is defined in this database cluster.
*/
static bool
ThereIsAtLeastOneUser(void)
{
Relation pg_shadow_rel;
TupleDesc pg_shadow_dsc;
HeapScanDesc scan;
bool result;
pg_shadow_rel = heap_openr(ShadowRelationName, AccessExclusiveLock);
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, 0);
result = HeapTupleIsValid(heap_getnext(scan, 0));
heap_endscan(scan);
heap_close(pg_shadow_rel, AccessExclusiveLock);
return result;
}
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.18 2001/06/13 21:44:41 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.19 2001/09/08 15:24:00 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -34,6 +34,10 @@ superuser(void) ...@@ -34,6 +34,10 @@ superuser(void)
bool result = false; bool result = false;
HeapTuple utup; HeapTuple utup;
/* Special escape path in case you deleted all your users. */
if (!IsUnderPostmaster && GetUserId() == BOOTSTRAP_USESYSID)
return true;
utup = SearchSysCache(SHADOWSYSID, utup = SearchSysCache(SHADOWSYSID,
ObjectIdGetDatum(GetUserId()), ObjectIdGetDatum(GetUserId()),
0, 0, 0); 0, 0, 0);
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
# Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group # Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
# Portions Copyright (c) 1994, Regents of the University of California # Portions Copyright (c) 1994, Regents of the University of California
# #
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.136 2001/09/06 04:57:29 ishii Exp $ # $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.137 2001/09/08 15:24:00 petere Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
...@@ -183,7 +183,6 @@ show_setting= ...@@ -183,7 +183,6 @@ show_setting=
# user with the same name as the Unix user running it. That's # user with the same name as the Unix user running it. That's
# a security measure. # a security measure.
POSTGRES_SUPERUSERNAME="$EffectiveUser" POSTGRES_SUPERUSERNAME="$EffectiveUser"
POSTGRES_SUPERUSERID=`$PGPATH/pg_id -u`
while [ "$#" -gt 0 ] while [ "$#" -gt 0 ]
do do
...@@ -207,15 +206,15 @@ do ...@@ -207,15 +206,15 @@ do
noclean=yes noclean=yes
echo "Running with noclean mode on. Mistakes will not be cleaned up." echo "Running with noclean mode on. Mistakes will not be cleaned up."
;; ;;
# The sysid of the database superuser. Can be freely changed. # The name of the database superuser. Can be freely changed.
--sysid|-i) --username|-U)
POSTGRES_SUPERUSERID="$2" POSTGRES_SUPERUSERNAME="$2"
shift;; shift;;
--sysid=*) --username=*)
POSTGRES_SUPERUSERID=`echo $1 | sed 's/^--sysid=//'` POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^--username=//'`
;; ;;
-i*) -U*)
POSTGRES_SUPERUSERID=`echo $1 | sed 's/^-i//'` POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^-U//'`
;; ;;
# The default password of the database superuser. # The default password of the database superuser.
# Make initdb prompt for the default password of the database superuser. # Make initdb prompt for the default password of the database superuser.
...@@ -276,7 +275,7 @@ if [ "$usage" ]; then ...@@ -276,7 +275,7 @@ if [ "$usage" ]; then
if [ -n "$MULTIBYTE" ] ; then if [ -n "$MULTIBYTE" ] ; then
echo " -E, --encoding ENCODING Set the default multibyte encoding for new databases" echo " -E, --encoding ENCODING Set the default multibyte encoding for new databases"
fi fi
echo " -i, --sysid SYSID Database sysid for the superuser" echo " -U, --username NAME Database superuser name"
echo "Less commonly used options: " echo "Less commonly used options: "
echo " -L DIRECTORY Where to find the input files" echo " -L DIRECTORY Where to find the input files"
echo " -d, --debug Generate lots of debugging output" echo " -d, --debug Generate lots of debugging output"
...@@ -343,7 +342,7 @@ then ...@@ -343,7 +342,7 @@ then
echo echo
echo "initdb variables:" echo "initdb variables:"
for var in PGDATA datadir PGPATH MULTIBYTE MULTIBYTEID \ for var in PGDATA datadir PGPATH MULTIBYTE MULTIBYTEID \
POSTGRES_SUPERUSERNAME POSTGRES_SUPERUSERID POSTGRES_BKI \ POSTGRES_SUPERUSERNAME POSTGRES_BKI \
POSTGRES_DESCR POSTGRESQL_CONF_SAMPLE \ POSTGRES_DESCR POSTGRESQL_CONF_SAMPLE \
PG_HBA_SAMPLE PG_IDENT_SAMPLE ; do PG_HBA_SAMPLE PG_IDENT_SAMPLE ; do
eval "echo ' '$var=\$$var" eval "echo ' '$var=\$$var"
...@@ -384,11 +383,10 @@ done ...@@ -384,11 +383,10 @@ done
trap 'echo "Caught signal." ; exit_nicely' 1 2 3 15 trap 'echo "Caught signal." ; exit_nicely' 1 2 3 15
# Let's go # Let's go
echo "This database system will be initialized with user name \"$POSTGRES_SUPERUSERNAME\"." echo "The files belonging to this database system will be owned by user \"$EffectiveUser\"."
echo "This user will own all the data files and must also own the server process." echo "This user must also own the server process."
echo echo
########################################################################## ##########################################################################
# #
# CREATE DATABASE DIRECTORY # CREATE DATABASE DIRECTORY
...@@ -467,7 +465,6 @@ mkdir "$PGDATA"/base/1 || exit_nicely ...@@ -467,7 +465,6 @@ mkdir "$PGDATA"/base/1 || exit_nicely
cat "$POSTGRES_BKI" \ cat "$POSTGRES_BKI" \
| sed -e "s/POSTGRES/$POSTGRES_SUPERUSERNAME/g" \ | sed -e "s/POSTGRES/$POSTGRES_SUPERUSERNAME/g" \
-e "s/PGUID/$POSTGRES_SUPERUSERID/g" \
-e "s/ENCODING/$MULTIBYTEID/g" \ -e "s/ENCODING/$MULTIBYTEID/g" \
| "$PGPATH"/postgres -boot -x1 $PGSQL_OPT $BACKEND_TALK_ARG template1 \ | "$PGPATH"/postgres -boot -x1 $PGSQL_OPT $BACKEND_TALK_ARG template1 \
|| exit_nicely || exit_nicely
......
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: catversion.h,v 1.93 2001/08/26 16:56:00 tgl Exp $ * $Id: catversion.h,v 1.94 2001/09/08 15:24:00 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -53,6 +53,6 @@ ...@@ -53,6 +53,6 @@
*/ */
/* yyyymmddN */ /* yyyymmddN */
#define CATALOG_VERSION_NO 200108251 #define CATALOG_VERSION_NO 200109081
#endif #endif
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: pg_shadow.h,v 1.13 2001/08/10 18:57:41 tgl Exp $ * $Id: pg_shadow.h,v 1.14 2001/09/08 15:24:00 petere Exp $
* *
* NOTES * NOTES
* the genbki.sh script reads this file and generates .bki * the genbki.sh script reads this file and generates .bki
...@@ -71,4 +71,6 @@ typedef FormData_pg_shadow *Form_pg_shadow; ...@@ -71,4 +71,6 @@ typedef FormData_pg_shadow *Form_pg_shadow;
*/ */
DATA(insert ( "POSTGRES" PGUID t t t t _null_ _null_ )); DATA(insert ( "POSTGRES" PGUID t t t t _null_ _null_ ));
#define BOOTSTRAP_USESYSID 1
#endif /* PG_SHADOW_H */ #endif /* PG_SHADOW_H */
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: miscadmin.h,v 1.89 2001/08/15 18:42:15 momjian Exp $ * $Id: miscadmin.h,v 1.90 2001/09/08 15:24:00 petere Exp $
* *
* NOTES * NOTES
* some of the information in this file should be moved to * some of the information in this file should be moved to
...@@ -211,6 +211,7 @@ extern void SetUserId(Oid userid); ...@@ -211,6 +211,7 @@ extern void SetUserId(Oid userid);
extern Oid GetSessionUserId(void); extern Oid GetSessionUserId(void);
extern void SetSessionUserId(Oid userid); extern void SetSessionUserId(Oid userid);
extern void InitializeSessionUserId(const char *username); extern void InitializeSessionUserId(const char *username);
extern void InitializeSessionUserIdStandalone(void);
extern void SetSessionAuthorization(const char *username); extern void SetSessionAuthorization(const char *username);
extern void SetDataDir(const char *dir); extern void SetDataDir(const char *dir);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment