add option to disable db user creation trough environment variable

Signed-off-by: Robin Appelman <robin@icewind.nl>

1 files changed, 38 insertions, 36 deletions

diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index af816c7ad04..8359f7b7563 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
@@ -45,42 +45,44 @@ class PostgreSQL extends AbstractDatabase {
 			$connection = $this->connect([
 				'dbname' => 'postgres'
 			]);
-			//check for roles creation rights in postgresql
-			$builder = $connection->getQueryBuilder();
-			$builder->automaticTablePrefix(false);
-			$query = $builder
-				->select('rolname')
-				->from('pg_roles')
-				->where($builder->expr()->eq('rolcreaterole', new Literal('TRUE')))
-				->andWhere($builder->expr()->eq('rolname', $builder->createNamedParameter($this->dbUser)));
-
-			try {
-				$result = $query->execute();
-				$canCreateRoles = $result->rowCount() > 0;
-			} catch (DatabaseException $e) {
-				$canCreateRoles = false;
-			}
-
-			if ($canCreateRoles) {
-				$connectionMainDatabase = $this->connect();
-				//use the admin login data for the new database user
-
-				//add prefix to the postgresql user name to prevent collisions
-				$this->dbUser = 'oc_' . strtolower($username);
-				//create a new password so we don't need to store the admin config in the config file
-				$this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
-
-				$this->createDBUser($connection);
-
-				// Go to the main database and grant create on the public schema
-				// The code below is implemented to make installing possible with PostgreSQL version 15:
-				// https://www.postgresql.org/docs/release/15.0/
-				// From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases
-				// Therefore we assume that the database is only used by one user/service which is Nextcloud
-				// Additional services should get installed in a separate database in order to stay secure
-				// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
-				$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
-				$connectionMainDatabase->close();
+			if ($this->tryCreateDbUser) {
+				//check for roles creation rights in postgresql
+				$builder = $connection->getQueryBuilder();
+				$builder->automaticTablePrefix(false);
+				$query = $builder
+					->select('rolname')
+					->from('pg_roles')
+					->where($builder->expr()->eq('rolcreaterole', new Literal('TRUE')))
+					->andWhere($builder->expr()->eq('rolname', $builder->createNamedParameter($this->dbUser)));
+
+				try {
+					$result = $query->execute();
+					$canCreateRoles = $result->rowCount() > 0;
+				} catch (DatabaseException $e) {
+					$canCreateRoles = false;
+				}
+
+				if ($canCreateRoles) {
+					$connectionMainDatabase = $this->connect();
+					//use the admin login data for the new database user
+
+					//add prefix to the postgresql user name to prevent collisions
+					$this->dbUser = 'oc_' . strtolower($username);
+					//create a new password so we don't need to store the admin config in the config file
+					$this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
+
+					$this->createDBUser($connection);
+
+					// Go to the main database and grant create on the public schema
+					// The code below is implemented to make installing possible with PostgreSQL version 15:
+					// https://www.postgresql.org/docs/release/15.0/
+					// From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases
+					// Therefore we assume that the database is only used by one user/service which is Nextcloud
+					// Additional services should get installed in a separate database in order to stay secure
+					// Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
+					$connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
+					$connectionMainDatabase->close();
+				}
 			}
 
 			$this->config->setValues([