diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Setup/PostgreSQL.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php index bc24909dc3d..af816c7ad04 100644 --- a/lib/private/Setup/PostgreSQL.php +++ b/lib/private/Setup/PostgreSQL.php @@ -62,6 +62,7 @@ class PostgreSQL extends AbstractDatabase { } if ($canCreateRoles) { + $connectionMainDatabase = $this->connect(); //use the admin login data for the new database user //add prefix to the postgresql user name to prevent collisions @@ -70,6 +71,16 @@ class PostgreSQL extends AbstractDatabase { $this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC); $this->createDBUser($connection); + + // Go to the main database and grant create on the public schema + // The code below is implemented to make installing possible with PostgreSQL version 15: + // https://www.postgresql.org/docs/release/15.0/ + // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases + // Therefore we assume that the database is only used by one user/service which is Nextcloud + // Additional services should get installed in a separate database in order to stay secure + // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS + $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser)); + $connectionMainDatabase->close(); } $this->config->setValues([ |