gnumed-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] OS-dependencies for successful bootstrapping of GNUme

From: Busser, Jim
Subject: Re: [Gnumed-devel] OS-dependencies for successful bootstrapping of GNUmed
Date: Fri, 22 Nov 2013 00:58:09 +0000 
On 2013-11-21, at 2:17 PM, Karsten Hilbert <address@hidden> wrote:

> On Thu, Nov 21, 2013 at 07:28:37PM +0000, Jim Busser wrote:
> 
>> During the bootstrap process, do the following fully enough describe what is 
>> needed?
>> 
>> at the OS file system level:
>> - execute permission on the bootstrap scripts
>> - read permission on bootstrap conf and data files
>> - write permission for logging
>> 
>> at the PostgreSQL level
>> - read / write access to the gnumed databases
>> - read access to files at the OS file system level
> 
> The latter is not needed.
> 
>> Now it appears that (at least on Mac OS, for a regular user who is not 
>> restricted) my regular user account has
>> 
>>      rwx permissions on all .sh (and some .py) in
>>              server
>>              server/bootstrap
>> 
>> and
>> 
>>      rw permissions on all the rest
>> 
>> making my question what, if anything, in the above requires root or even 
>> root-like (sudo) access?
> 
> The bootstrapping shell script wrappers want to be root in
> order to conveniently become postgres (in order to run
> certain commands against PostgreSQL).
> 
> The python bootstrapper needs to run as root (or postgres)
> because it needs to access PostgreSQL as postgres. That way
> no PostgreSQL level password is needed for bootstrapping.

But even despite that I ran as "root", the bootstrap kept failing until I

        - uncommented (in .conf files) the prompt for the postgres password, and
        - supplied the postgres password


> 
>> For example, if the shell script was
>> executed (initiated) by the regular system user, and
>> if within the script there exists a 'su' to postgres, does a
>> problem arise at the point of the 'su' to system account user
>> 'postgres' on account of limitation of its file privileges to
>> postgres-related directories and maybe /tmp
> 
> No. The problem will arise when the python bootstrapper
> script runs -- unless the regular system user is set up
> to be able to access PostgreSQL as required by PostgreSQL.
> 
>> Is that the problem that will prevent a successful
>> bootstrap via sudo on every *nix and not just Mac OS?
> 
> There certainly isn't a problem which "will prevent a
> successful bootstrap via sudo on every *nix". I am doing
> that several times a day.
> 
>> If a limitation of sudo 'su' gets solved by initiating the
>> bootstrap script *as* root, why must root 'own' the bootstrap
>> files (say by untarring as root instead of executing files
>> untarred by the regular user)?
> 
> It must not. I am running bootstrap several times a day
> for the last, what, twenty years ? as a regular user
> using sudo.
> 
> Karsten


The last point above therefore depending on your being logged in as a system 
user, for instance one among

        khilbert
        kahi

and also your having set yourself up in postgres to have gm-dbo ± postgres 
superuser privileges?

-- Jim
reply via email to
[Prev in Thread] Current Thread [Next in Thread]