Re: Manage PostgreSQL Database for GITLAB Application?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "Hilbert, Karin" <ioh1(at)psu(dot)edu>
Cc: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Manage PostgreSQL Database for GITLAB Application?
Date: 2019-01-21 18:53:00
Message-ID: 20190121185300.GZ2528@tamriel.snowman.net
Lists: pgsql-general

Greetings,

* Hilbert, Karin (ioh1(at)psu(dot)edu) wrote:
> Does anyone manage a PostgreSQL database for a GITLAB application?

Yes.

> I have PostgreSQL v9.6 installed on my server & we are trying to migrate a GITLAB database there.
>
> The developer says that we need to use the public schema instead of the schema of the same name as the application user.

Not sure this is really required but it also shouldn't hurt anything
really- I'd definitely have the database be dedicated to gitlab.

> The schema that he provided me to restore also is revoking all privileges from the database owner & instead granting all privileges to PUBLIC.

That's terrible.

> Has anyone else run across this? I always thought that granting privileges to PUBLIC is a bad security thing to do?

Yes, that's bad from a security perspective and shouldn't be necessary.
GRANT rights to the user(s) the application logs into, don't just grant
them to PUBLIC- that would allow anyone on the system to have access.

> If anyone can offer any thoughts regarding this, it would be greatly appreciated.

Is this developer the only one who is going to be using this gitlab
instance..? Sounds like maybe they want direct database access which
would only make sense if they're the one running it and should have full
access- but even then, I'd create a role and grant access to that role
and then grant them that role, if that's the requirement. GRANT'ing
things to public isn't a good idea if you're at all concerned about
security.

Thanks!

Stephen
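
The role-based setup recommended in the reply above, written out as an added example that is not part of the original message. All names (`gitlab_db`, `gitlab_app`, `gitlab_direct`, `dev_user`) are assumptions; it is meant to be run by a superuser while connected to the application's database.

```sql
-- Added example. Assumed names, none of them from the thread:
--   gitlab_db      database dedicated to the application
--   gitlab_app     existing login role the application connects as
--   gitlab_direct  NOLOGIN group role for people who need direct access
--   dev_user       existing login role of one such person
BEGIN;

-- 1. Undo the blanket grants to PUBLIC at every level.
REVOKE ALL ON DATABASE gitlab_db FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES    IN SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;

-- 2. Grant to the role the application logs in as.
GRANT CONNECT, TEMPORARY ON DATABASE gitlab_db TO gitlab_app;
GRANT USAGE, CREATE ON SCHEMA public TO gitlab_app;
GRANT ALL ON ALL TABLES    IN SCHEMA public TO gitlab_app;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO gitlab_app;

-- 3. Direct access goes to a group role; people get membership in it.
CREATE ROLE gitlab_direct NOLOGIN;
GRANT CONNECT ON DATABASE gitlab_db TO gitlab_direct;
GRANT USAGE ON SCHEMA public TO gitlab_direct;
GRANT ALL ON ALL TABLES    IN SCHEMA public TO gitlab_direct;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO gitlab_direct;
GRANT gitlab_direct TO dev_user;

COMMIT;

-- 4. Verify. The first query should return no rows,
--    the second should return false in both columns.
SELECT table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'PUBLIC'
  AND table_schema = 'public';

SELECT has_database_privilege('public', 'gitlab_db', 'CONNECT') AS public_can_connect,
       has_schema_privilege('public', 'public', 'USAGE')        AS public_can_use_schema;
```

`GRANT ... ON ALL TABLES IN SCHEMA` covers only objects that exist when it runs; tables created later need their own grants or `ALTER DEFAULT PRIVILEGES`.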
