Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postgres user puppetdb has too many privileges #60

Open
Heap0017 opened this issue Jun 18, 2024 · 5 comments · May be fixed by #62
Open

Postgres user puppetdb has too many privileges #60

Heap0017 opened this issue Jun 18, 2024 · 5 comments · May be fixed by #62

Comments

@Heap0017
Copy link

From the puppetdb logs:

ERROR [p.p.c.services] The read-database user is not configured properly because it has privileges other than SELECT on the puppetdb tables
ERROR [p.p.c.services] The read-database user is not configured properly because it has ownership of tables
ERROR [p.p.c.services] The read-database user is not configured properly because it is a superuser

I believe we should crete user puppetdb (and potentially another, dedicated read-user) on startup (initdb) with appropriate limited privileges. See also https://www.puppet.com/docs/puppetdb/7/configure_postgres.html#using-ssl-with-postgresql.
@bastelfreak
Copy link
Member

@Heap0017 thanks for raising the issue! Are you able to provide a patch for this?

@Heap0017
Copy link
Author

@bastelfreak I tried to fix it but couldn't manage to. I cannot promise to provide a patch.

@rwaffen
Copy link
Member

rwaffen commented Jun 19, 2024

hmm i think this pays into #49 ... have to put more time into this 😅

@Heap0017
Copy link
Author

@rwaffen I don't see how these issues are related. System user and postgres user should be distinct concepts.

@rwaffen
Copy link
Member

rwaffen commented Jun 20, 2024

oh than i got confused, sry.

thought system and db users are created together in most case. but i'm not so used to postgres.

@Heap0017 Heap0017 linked a pull request Jul 2, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Crafty Overview
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't access database with a superuser. Create dedicated read user Heap0017/crafty
3 participants
@bastelfreak @rwaffen @Heap0017