On Wed, Apr 23, 2008 at 02:41:50PM +0300, Hossein Hamam wrote: > Can someone explain the -A in createuser?
'man createuser' -A (or --no-adduser) asserts that the new user should not be permitted to create other users. This is sensible for a role such as DSpace's. Daemons' accounts should not be permitted to create other users, unless that is the express function of a particular daemon. By the way, I would recommend against 'createuser -d' for this user. There is no need for the DSpace user to be able to create a database either, when you are going to do it manually. Instead I would recommend '-D', since we are asserting defaults, and the use of the 'postgres' user in both commands. > And using which user should I issue these commands: > > createuser -U postgres -d -A -P dspace > createdb -U dspace -E UNICODE dspace I would recommend: createuser -U postgres -D -A -P dspace createdb -U postgres -E UNICODE -O dspace dspace while logged on as OS user 'postgres'. In other words, use the database superuser (-U postgres) which has rights to create users and databases, as the user in both commands, and set the newly-created DSpace user (-O dspace) as the owner of the new database. > When I su as postgres user, I am able to apply the first command but when I > issue the 2nd command, it gives me the below error: > createdb: could not connect to database postgres: FATAL: Ident > authentication failed for user "dspace" Since you are using Ident authentication, you would have to 'su dspace' before executing your second command. Or you would need a mapping from OS user 'postgres' to DBMS user 'dspace' in pg_ident. If you have in pg_hba: local dspace dspace ident dspace then you'd need in pg_ident: dspace dspace dspace dspace postgres dspace If you use '-U postgres' in both commands, then the second command should connect if the first does. Please be aware that I've never tried to set up Ident authentication, so my advice on it should not be completely trusted. :-) It just occurred to me that you need two sets of permissions in pg_hba if you're going to use the commands you showed, because DSpace is going to need a 'host' connection, but the above commands all use a 'local' connection. > However, if I su as dspace, I am not able to issue the first command, but am > able to issue the 2nd command. You'd need the reverse mapping: 'some-map-name dspace postgres'. But I'm not sure which database(s) need this mapping. > After some research I found that I should edit the file pg_ident.conf. > But what should I edit? Did anyone face a similar problem? May I ask why you're using Ident authentication? I think this is the first use of it that I've ever heard of. I've used MD5 authentication whenever I grant access to PostgreSQL. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
pgpYsutSChVBT.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
