diff options
| author | Hailong Wang <whlsxl@gmail.com> | 2023-06-12 18:13:34 +0800 |
|---|---|---|
| committer | skjnldsv <skjnldsv@protonmail.com> | 2024-08-16 10:57:11 +0200 |
| commit | f490a4e8c0f9c52460ddf93408625f49860878c0 (patch) | |
| tree | eb09df8df1e84d6572de8f3a9e6a45d2d50ec60d /lib | |
| parent | 75180a629216af6b6d4b69bd53aab6d161e628c5 (diff) | |
| download | nextcloud-server-f490a4e8c0f9c52460ddf93408625f49860878c0.tar.gz nextcloud-server-f490a4e8c0f9c52460ddf93408625f49860878c0.zip | |
fix: postgresql GRANT user's permission after createDatabase, ensure database exist when GRANT
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Setup/PostgreSQL.php | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php index 4ece8957ce6..ea5ebf66cec 100644 --- a/lib/private/Setup/PostgreSQL.php +++ b/lib/private/Setup/PostgreSQL.php @@ -40,7 +40,8 @@ class PostgreSQL extends AbstractDatabase { } catch (DatabaseException $e) { $canCreateRoles = false; } - + + $connectionMainDatabase; if ($canCreateRoles) { $connectionMainDatabase = $this->connect(); //use the admin login data for the new database user @@ -51,16 +52,6 @@ class PostgreSQL extends AbstractDatabase { $this->dbPassword = \OC::$server->get(ISecureRandom::class)->generate(30, ISecureRandom::CHAR_ALPHANUMERIC); $this->createDBUser($connection); - - // Go to the main database and grant create on the public schema - // The code below is implemented to make installing possible with PostgreSQL version 15: - // https://www.postgresql.org/docs/release/15.0/ - // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases - // Therefore we assume that the database is only used by one user/service which is Nextcloud - // Additional services should get installed in a separate database in order to stay secure - // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS - $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"'); - $connectionMainDatabase->close(); } } @@ -73,6 +64,18 @@ class PostgreSQL extends AbstractDatabase { $this->createDatabase($connection); // the connection to dbname=postgres is not needed anymore $connection->close(); + + if ($canCreateRoles) { + // Go to the main database and grant create on the public schema + // The code below is implemented to make installing possible with PostgreSQL version 15: + // https://www.postgresql.org/docs/release/15.0/ + // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases + // Therefore we assume that the database is only used by one user/service which is Nextcloud + // Additional services should get installed in a separate database in order to stay secure + // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS + $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"'); + $connectionMainDatabase->close(); + } } catch (\Exception $e) { $this->logger->warning('Error trying to connect as "postgres", assuming database is setup and tables need to be created', [ 'exception' => $e, |