Open MarshallBrinn opened 9 years ago
I believe the import_database.py diff for this is:
diff --git a/sbin/import_database.py b/sbin/import_database.py
index f91e161.77d9033 100755
--- a/sbin/import_database.py
+++ b/sbin/import_database.py
@@ -91,7 +91,8 @@ class DatabaseImporter:
run_cmd = ['/bin/bash', filename]
if as_user:
os.chmod(filename, 0777)
- run_cmd = ['sudo', '-u', as_user, filename]
+ run_cmd = ['sudo', '-u', as_user,
+ 'PGPASSFILE=/etc/geni-ch/.pgpass', filename]
subprocess.call(run_cmd)
except Exception as e:
print "Error running shell command: " + " ".join(run_cmd)
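Review bot: the added 'PGPASSFILE=/etc/geni-ch/.pgpass' argument only takes effect if two things outside this hunk hold, and neither is checked here. The sudoers policy has to allow that variable to be passed on the sudo command line, and the file has to be readable by as_user with no group or world access, since libpq ignores a password file with looser permissions. The return value of subprocess.call(run_cmd) is also discarded, so an import that fails to authenticate goes unnoticed. Suggest reading the path from configuration instead of hard-coding it, checking the exit status, and reconsidering the os.chmod(filename, 0777) context line, which leaves the script world-writable just before it is executed as another user.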
I'm not going to bother to make the change myself, because I don't know what the other changes Marshall mentioned are, but I believe that change will do it in terms of making sure www-data uses the right environment variable for all psql-using subcommands spawned by import_database.py.
Trac comment by chaos on 07-02-2013 at 15:34
We also need to edit:
./install-ch.sh:32: PORTAL_PASSWORD_FILE_USER='www-data'
Note that ~www-data/.pgpass does not exist on nye, and neither of these scripts is ever run on nye.
Trac comment by ahelsing on 08-13-2013 at 16:24
It is a bad thing to be placing the database password in ~www-data which is publicly available. We should put the .pgpass file in some public place (e.g. /etc/geni-ch) and then invoke the psql command with the PGPASS= variable set.
This needs to be changed in our import_database.py script and some installation scripts that actually place the file in that location permanently.
Imported from trac ticket #637, created by mbrinn on 06-20-2013 at 10:55, last modified: 03-31-2015 at 14:27
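A pre-flight check for the relocation this ticket asks for, as an added example that is not part of the ticket or of the project's scripts: it verifies that a relocated password file meets libpq's rule (a regular file with no group or world access) and has the expected owner, then builds the environment to hand to a psql subprocess. The function names are hypothetical, and the demo uses a constructed temporary file in place of /etc/geni-ch/.pgpass.

```python
import os
import stat
import tempfile


def pgpass_problems(path, owner_uid):
    """Return the reasons this password file would be ignored or is mis-owned."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    # libpq ignores a password file that grants any group or world access.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o allows group/world access"
                        % stat.S_IMODE(st.st_mode))
    # The file must belong to the account that runs psql (www-data on this page).
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    return problems


def psql_env(pgpass_path, base_env=None):
    """Copy of the environment with PGPASSFILE pointing at the checked file."""
    env = dict(os.environ if base_env is None else base_env)
    env["PGPASSFILE"] = pgpass_path
    return env


def demo():
    """Constructed sample: check the same file with loose, then tight, permissions."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".pgpass")
        with open(path, "w") as f:
            f.write("localhost:5432:portal:portal:constructed-password\n")
        os.chmod(path, 0o644)
        loose = pgpass_problems(path, os.getuid())
        os.chmod(path, 0o600)
        tight = pgpass_problems(path, os.getuid())
        return loose, tight


if __name__ == "__main__":
    print(demo())
```

An installer can refuse to continue when `pgpass_problems` returns a non-empty list, and pass `psql_env(path)` as the `env` argument of `subprocess.call`.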