Re: (Default) Group permissions

From: Michael Orlitzky <michael(at)orlitzky(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: (Default) Group permissions
Date: 2013-07-01 01:14:53
Message-ID: 51D0D80D.3070906@orlitzky.com
Lists: pgsql-general

On 06/30/2013 07:06 PM, John R Pierce wrote:
> On 6/30/2013 12:46 PM, Michael Orlitzky wrote:
>> We use Postgres for shared hosting; i.e. what most people use MySQL for.
>> The biggest headache for us so far has been that we're unable to get
>> group permissions set up effectively so that different groups of
>> customers, admins, apaches, etc. can access/modify the data they need,
>> without manual intervention from someone with root and a relatively deep
>> knowledge of the permissions system.
>
> 90% of shared hosting is one user one database, right?
>
> CREATE USER username PASSWORD 'somepassword';
> CREATE DATABASE username OWNER username;
>
> done.
>

For you to guess the right answer, you're going to have to at least read
the requirements that I listed in the README =)

I've already considered this, and it's not sufficient even when the
customer doesn't need access to the DB. I need access to it, and so do
my coworkers, and anything that winds up in the DB should be
read/writable by all of us.

The point of the test case was that you can delete everything I have in
step #2, try this, and it will fail:

$ sudo ./01-create-actors.sh

$ sudo psql -U postgres -d customer_project <<< \
"ALTER DATABASE customer_project OWNER TO alice"
ALTER DATABASE

$ sudo psql -U postgres -d dba_project <<< \
"ALTER DATABASE dba_project OWNER TO dba1"
ALTER DATABASE

$ sudo ./03-run-tests.sh
ERROR: bob can't modify dba1's table.

$ sudo ./04-add-new-user-and-retest.sh
ERROR: dba2 can't modify alice's table.

$ sudo ./05-destroy-actors.sh

If you get an ERROR, it means one of the requirements (explained in the
README) wasn't met.
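
Added example, not part of the original message or its test scripts: a psql session, run as a superuser, showing that owning a database grants nothing on tables that other roles create in it, and that ALTER DEFAULT PRIVILEGES covers only future objects of the named creating role. The database scratch_db, the schema shared and the table names are assumptions; the role names alice and bob are borrowed from the transcript above.

```sql
-- Constructed scenario for a scratch cluster; run in psql as a superuser.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
CREATE DATABASE scratch_db OWNER alice;
\c scratch_db

-- A dedicated schema, so the result does not depend on the server's
-- default privileges for the public schema.
CREATE SCHEMA shared;
GRANT USAGE, CREATE ON SCHEMA shared TO alice, bob;

-- bob creates a table; he is its owner and the only role with privileges on it.
SET ROLE bob;
CREATE TABLE shared.bobs_table (id int);
RESET ROLE;

-- alice owns the database, but that confers no privileges on bob's table.
SET ROLE alice;
INSERT INTO shared.bobs_table VALUES (1);      -- fails: permission denied
RESET ROLE;

-- Default privileges are keyed to the creating role (FOR ROLE bob) and
-- apply only to objects that role creates from now on.
ALTER DEFAULT PRIVILEGES FOR ROLE bob IN SCHEMA shared
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO alice;

SET ROLE bob;
CREATE TABLE shared.bobs_new_table (id int);
RESET ROLE;

SET ROLE alice;
INSERT INTO shared.bobs_new_table VALUES (1);  -- succeeds
INSERT INTO shared.bobs_table VALUES (1);      -- still fails: not retroactive
RESET ROLE;

-- Inspect the stored defaults (one row per creating role and schema),
-- or use \ddp in psql.
SELECT defaclrole::regrole AS creating_role,
       defaclnamespace::regnamespace AS schema,
       defaclobjtype, defaclacl
FROM pg_default_acl;
```

A role created later has no entry in pg_default_acl, so tables it creates stay private to it until an ALTER DEFAULT PRIVILEGES FOR ROLE statement is issued for that role as well.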
