> I would be happy with a menu item Start PostgreSQL/Stop PostgreSQL and
> it prompts me for the root password - something like gksu.

The following command (which will prompt you for the root password):

  $ su - root -c "svcadm enable version_82"

only needs to be run once, as it permanently enables the PostgreSQL version 8.2 SMF service (so it is automatically started & stopped at reboot).

In terms of ease of use, running the above command once seems pretty easy to me.

But now that you've mentioned webstack, I think you are confusing service types. I don't believe that MySQL that comes with webstack comes as an SMF service. Maybe they can tell us how it is managed?

David Van Couvering wrote:

> Given that we are in OpenSolaris, I think this discussion needs to be
> moved to the public aliases, so I'm taking it there. There are a lot of
> smart folks out there who I am sure can contribute their experience and
> knowledge to this discussion.
>
> We can't only serve the needs of the production/IT user at the cost of
> usability for the developer. "Secure by default" doesn't have to mean
> "PITA by default." So I appreciate Jignesh's attempt to find a solution
> - let's brainstorm here and see what we can come up with.
>
> Of course I don't want any TDH to be able to start the service. But I
> would like to understand how the webstack team has made it so easy to
> start the MySQL service, and why we can't do the same thing for PostgreSQL.
>
> If what the webstack team is doing is insecure, we should call that out,
> and figure out a more secure solution for all of us. But perhaps they
> have found a good compromise between security and usability.
>
> I am not sure about the user-generic SMF. It seems overly-complicated.
>
> I would be happy with a menu item Start PostgreSQL/Stop PostgreSQL and
> it prompts me for the root password - something like gksu.
>
> I was also going to discuss with the OpenSolaris usability folks about
> creating a role like "Developer" that has all the rights set up that a
> developer needs (start/stop MySQL/Apache/PostgreSQL, etc.).
> Then at install time for SXDE we can ask if the installer wants to grant
> Developer rights to the user they are creating. What do you think about
> that as a longer-term solution?
>
> Thanks,
>
> David
>
> Jignesh K. Shah wrote:
>
>> Yes I agree with James on allowing every TDH (Tom Dick Harry) access
>> to the SMF service.
>>
>> However there is a different way to achieve simplicity out here.
>>
>> I don't know yet how this can be done but if we have a "user" generic
>> SMF service where it uses the id of the calling user id, then it
>> allows each user to have their own "instance" of PostgreSQL server.
>> There is a bit of automation required specially for the "port". But I
>> see an advantage of this setup, we can have a very light weight
>> PostgreSQL server postgresql.conf that a user can start which will
>> create a small database in their home directory and also sets
>> environment variables (PGDATA and probably also the port) so when they
>> do psql it connects to user default setup unless mentioned otherwise.
>>
>> It is not clean but having a quick script to set it up for users who
>> want it should be easy to provide.
>> Logic is simple.. if script is not executed, everything works as it
>> works now, however if it is executed, it sets up certain default
>> variables and creates a light weight (default) postgresql server that
>> they can use a generic SMF service specially designed for it.
>>
>> This way enterprise installations are still controlled by default SMF,
>> plus a user generic SMF service allows to create their own light
>> weight setup (which we think will have easy integration for netbeans
>> to identify and add it transparently for that user.
>>
>> This I think enables "developers" to be independent of the
>> "administrator" plus really isolates other postgresql developer) on
>> the same system.
>>
>> What do you think?
>>
>> Regards,
>> Jignesh
>>
>>
>> James Gates wrote:
>>
>>> David Van Couvering wrote:
>>>
>>>> Rather than get lost in the weeds of this kind of argument, I think
>>>> it's very simple: we should understand what we are doing for MySQL
>>>> and Apache, so that I as a non-root user can start the service
>>>> without having to go into RBAC to assign additional rights to the
>>>> user, and I'd like to understand why we can't do the same thing for
>>>> PostgreSQL.
>>>>
>>>
>>> Because it's a blatant security risk. The PostgreSQL SMF service runs
>>> as the "postgres" userid, and would typically manage all databases on
>>> the host (there is a 1 to many relationship between a PostgreSQL
>>> service and databases).
>>>
>>> We cannot allow a non-privileged user (who has nothing to do with
>>> database administration) to be able to shut down the PostgreSQL service.
>>>
>>> By default only the "root" & "postgres" users can do this. The system
>>> administrator can allow other users to do the same by just assigning
>>> them the "Postgres Administration" profile in /etc/user_attr. It's
>>> not difficult, and is perfectly acceptable on a multi-user enterprise
>>> system. This is not MS Windows we're talking about!
>>>
>>> Quite frankly I'm surprised that you think this is anything other
>>> than correct behavior. Are you seriously suggesting we should allow
>>> *anyone* to shut down an enterprise service that provides multiple
>>> databases to potentially thousands of clients/applications?
>>>
>>>> If what we are doing for MySQL and Apache is broken, then
>>>> we should raise this as an issue. But assuming that what they are
>>>> doing is within the bounds of our security policies, then I don't
>>>> see why we can't follow that model for PostgreSQL.
>>>
>>>
>>> If any/all users on the system can start & stop the MySQL SMF
>>> service, then I would consider this a very serious security bug. And
>>> so would ARC and our security teams (they'd have a fit!)
>>>
>>> But I'm still not sure if you're actually talking about a MySQL SMF
>>> service - you haven't qualified yet exactly how & what you do with
>>> MySQL & Apache.
>>>
>>> Please explain exactly how you manage MySQL, from what username, what
>>> privileges this user has. All commands from db creation to starting &
>>> stopping the database.
>>>
>>>>
>>>> If we can't, then we are in the position Josh has brought up: MySQL
>>>> is easier to use on Solaris than PostgreSQL. That seems off.
>>>>
>>>> Thanks,
>>>>
>>>> David
>>>>
>>>> James Gates wrote:
>>>>
>>>>> > the MySQL and Apache services can be enabled by any user with
>>>>> > certain permissions.
>>>>>
>>>>> What do you mean by "services"? And what do you mean by "certain
>>>>> permissions"? Do you mean SMF services & RBAC profiles?
>>>>>
>>>>> The PostgreSQL SMF services can be managed by any user/role with
>>>>> the "solaris.smf.manage.postgres" & "solaris.smf.value.postgres"
>>>>> authorizations. Both of which are assigned to the "Postgres
>>>>> Administration" profile.
>>>>>
>>>>> So you just need to assign the "Postgres Administration" profile to
>>>>> the user(s) in /etc/user_attr that you want to manage the SMF
>>>>> services. Customers can do this easily *after* they've created
>>>>> their usernames.
>>>>>
>>>>> But think about what you're asking for!!!!!!!! What "other users"
>>>>> do you think we should allow to start PostgreSQL by default? We
>>>>> can't predict what non-default usernames the customer will have on
>>>>> their machines.
>>>>> So, unless we allow *all* users to start & stop
>>>>> postgres, the list of usernames we can give these permissions to
>>>>> is restricted to the list of default users on Solaris:
>>>>>
>>>>>   root
>>>>>   daemon
>>>>>   bin
>>>>>   sys
>>>>>   adm
>>>>>   lp
>>>>>   uucp
>>>>>   nuucp
>>>>>   dladm
>>>>>   smmsp
>>>>>   listen
>>>>>   gdm
>>>>>   webservd
>>>>>   postgres
>>>>>   nobody
>>>>>   noaccess
>>>>>   nobody4
>>>>>
>>>>> I don't think giving any of these users permission to start & stop
>>>>> PostgreSQL is what you really had in mind?
>>>>>
>>>>> And allowing any username to start & stop your default PostgreSQL
>>>>> service is not a good idea!
>>>>>
>>>>> I think you need to qualify exactly what these MySQL & Apache
>>>>> services are, how they're started, and how the permission to do so
>>>>> is granted.
>>>>>
>>>>> Personally, I would expect developers who want to use PostgreSQL
>>>>> *not* to use or manage the default SMF services we've provided, but
>>>>> create their own i.e. run initdb & pg_ctl themselves. They probably
>>>>> don't want their database owned by "postgres" & stored in /var
>>>>> anyway. Being owned by user "postgres" creates problems connecting
>>>>> from other usernames, since there won't be equivalent usernames in
>>>>> the database.
>>>>>
>>>>> And if these developers want automatic startup & shutdown of their
>>>>> own services, they can implement their own SMF services (using our
>>>>> xml script as a template).
>>>>>
>>>>>
>>>>> Josh Berkus wrote:
>>>>>
>>>>>> Team,
>>>>>>
>>>>>> The Netbeans folks have brought up the discrepancy that on Nevada,
>>>>>> the PostgreSQL service can only be enabled by "root" or
>>>>>> "postgres", whereas the MySQL and Apache services can be enabled
>>>>>> by any user with certain permissions. I really don't want to get
>>>>>> into a situation where MySQL is "easier to use" on Solaris than
>>>>>> PostgreSQL. Can we take a look at the RBAC setup, or whatever is
>>>>>> necessary, to make the various Solaris freeware consistent?
>>>>>>
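
Added example, not part of the original thread and not written by any of its participants: an audit sketch that works out which accounts end up holding the "solaris.smf.manage.postgres" authorization, either directly, through a wildcard, or through a profile such as "Postgres Administration". The file contents are constructed samples in the user_attr(4)/prof_attr(4) layout, the "Developer" profile is hypothetical (modelled on the role proposed above), and system-wide defaults from policy.conf are not considered.

```python
# Constructed sample data in user_attr(4) / prof_attr(4) layout; not real files.
USER_ATTR = """\
root::::auths=solaris.*,solaris.grant;profiles=All
postgres::::type=role;profiles=Postgres Administration,All
dev1::::type=normal;profiles=Developer
dev2::::type=normal;auths=solaris.smf.value.postgres
"""
PROF_ATTR = """\
Postgres Administration::::auths=solaris.smf.manage.postgres,solaris.smf.value.postgres
Developer::::profiles=Postgres Administration
All:::Execute any command as the user or role:help=RtAll.html
"""
MANAGE = "solaris.smf.manage.postgres"  # authorization named in the thread

def parse(text):
    """Map entry name -> {key: [values]} from the fifth (attr) field."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        attrs = {}
        for pair in (fields[4] if len(fields) == 5 else "").split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",")]
        table[fields[0]] = attrs
    return table

def effective_auths(attrs, profiles, seen=None):
    """Direct auths plus those inherited through (possibly nested) profiles."""
    seen = set() if seen is None else seen
    auths = set(attrs.get("auths", []))
    for name in attrs.get("profiles", []):
        if name in profiles and name not in seen:
            seen.add(name)
            auths |= effective_auths(profiles[name], profiles, seen)
    return auths

def grants(held, wanted):
    """True if an exact entry or a trailing-* wildcard covers the authorization."""
    return any(a == wanted or (a.endswith("*") and wanted.startswith(a[:-1]))
               for a in held)

def who_can_manage(user_attr=USER_ATTR, prof_attr=PROF_ATTR, wanted=MANAGE):
    profiles, users = parse(prof_attr), parse(user_attr)
    return sorted(u for u, a in users.items()
                  if grants(effective_auths(a, profiles), wanted))

if __name__ == "__main__":
    print(who_can_manage())
```

In the sample, dev1 gains the authorization only through the nested profile, while dev2 holds "solaris.smf.value.postgres" alone and is not reported.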