Merge pull request #95294 from aanderse/postgresql-rootless

nixos/postgresql: run ExecStartPost as an unprivileged user
Aaron Andersen 2020-08-20 19:16:23 -04:00 committed by GitHub
commit b87b6abd17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 39 deletions


@ -676,11 +676,19 @@ services.dokuwiki."mywiki" = {
<listitem> <listitem>
<para> <para>
The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your
<xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.09</literal> or below <xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.03</literal> or below
should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly
set this value to maintain compatibility: set this value to maintain compatibility:
<programlisting> <programlisting>
services.postgresql.dataDir = "/var/db/postgresql"; services.postgresql.dataDir = "/var/db/postgresql";
</programlisting>
</para>
<para>
The postgresql module now expects there to be a database super user account called <literal>postgres</literal> regardless of your <xref linkend="opt-system.stateVersion"/>. Users
with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.03</literal> or below should run the following SQL statements as a
database super admin user before upgrading:
<programlisting>
CREATE ROLE postgres LOGIN SUPERUSER;
</programlisting> </programlisting>
</para> </para>
</listitem> </listitem>


@ -225,14 +225,15 @@ in
Contents of the <filename>recovery.conf</filename> file. Contents of the <filename>recovery.conf</filename> file.
''; '';
}; };
superUser = mkOption { superUser = mkOption {
type = types.str; type = types.str;
default= if versionAtLeast config.system.stateVersion "17.09" then "postgres" else "root"; default = "postgres";
internal = true; internal = true;
readOnly = true;
description = '' description = ''
NixOS traditionally used 'root' as superuser, most other distros use 'postgres'. PostgreSQL superuser account to use for various operations. Internal since changing
From 17.09 we also try to follow this standard. Internal since changing this value this value would lead to breakage while setting up databases.
would lead to breakage while setting up databases.
''; '';
}; };
}; };
@ -310,33 +311,10 @@ in
''} ''}
''; '';
serviceConfig = mkMerge [
{ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres";
Group = "postgres";
RuntimeDirectory = "postgresql";
Type = if versionAtLeast cfg.package.version "9.6"
then "notify"
else "simple";
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html
KillSignal = "SIGINT";
KillMode = "mixed";
# Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT.
TimeoutSec = 120;
ExecStart = "${postgresql}/bin/postgres";
# Wait for PostgreSQL to be ready to accept connections. # Wait for PostgreSQL to be ready to accept connections.
ExecStartPost = postStart =
let ''
setupScript = pkgs.writeScript "postgresql-setup" ('' PSQL="psql --port=${toString cfg.port}"
#!${pkgs.runtimeShell} -e
PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
while ! $PSQL -d postgres -c "" 2> /dev/null; do while ! $PSQL -d postgres -c "" 2> /dev/null; do
if ! kill -0 "$MAINPID"; then exit 1; fi if ! kill -0 "$MAINPID"; then exit 1; fi
@ -360,9 +338,27 @@ in
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' $PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"'
'') user.ensurePermissions)} '') user.ensurePermissions)}
'') cfg.ensureUsers} '') cfg.ensureUsers}
''); '';
in
"+${setupScript}"; serviceConfig = mkMerge [
{ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres";
Group = "postgres";
RuntimeDirectory = "postgresql";
Type = if versionAtLeast cfg.package.version "9.6"
then "notify"
else "simple";
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html
KillSignal = "SIGINT";
KillMode = "mixed";
# Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT.
TimeoutSec = 120;
ExecStart = "${postgresql}/bin/postgres";
} }
(mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") { (mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") {
StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}"; StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}";