PostgresSQL and DB Superuser

["Hotchkiss, David" <dh...@iso-ne.com>]

Hello Everyone,

When using the Quick-start single process model: After the System
Database has been initialized, is it possible to run without a valid
"dbsuperusername" and "dbsuperuserpassword" when configured for
PostgreSQL?

In effect, we'd like to bypass the call to
ManifoldCF.createSystemDatabase(...) once the database has been created.

If not, does the Single-process deployable war model make it possible to
run without "dbsuperusername/password"?

Thanks,

  //david

RE: [EXT] Re: PostgresSQL and DB Superuser

["Hotchkiss, David" <dh...@iso-ne.com>]

Hi Karl,

Thank-you for the suggestion. We will see how it works to limit the "dbsuperuser" account access during normal operations.

Our present use-case is very small scale and does not depend on connectors that require the multi-process model.  So, I am looking for ways to reduce the overhead on our support team when we deploy to production.  As long as there are no other reasons to avoid it, the single-process model seemed to be the right fit.

Thanks,

  //david

________________________________
From: Karl Wright [daddywri@gmail.com]
Sent: Thursday, October 26, 2017 5:22 PM
To: user@manifoldcf.apache.org
Subject: [EXT] Re: PostgresSQL and DB Superuser


*** EXTERNAL email. Please be cautious and evaluate before you click on links, open attachments, or provide credentials. ***


Hi David,

If you are running in multiprocess mode, database initialization is a separate step.  Once the database initialization step has been done, it's no longer necessary for the "superuser" to have superuser powers.  However, when you upgrade, you will need to remember to give that user back superuser powers, or the upgrade will fail.

For single-process, though, it's a different story; the database initialization/upgrade happens on every start.  So there's no way to get around needing a superuser involved in that case.  You can maybe play with reducing permissions so that that user has only read permissions; unless there is an actual need for an upgrade step that might be sufficient.

Thanks,
Karl


On Thu, Oct 26, 2017 at 5:06 PM, Hotchkiss, David <dh...@iso-ne.com>> wrote:
Hello Everyone,

When using the Quick-start single process model: After the System
Database has been initialized, is it possible to run without a valid
"dbsuperusername" and "dbsuperuserpassword" when configured for
PostgreSQL?

In effect, we'd like to bypass the call to
ManifoldCF.createSystemDatabase(...) once the database has been created.

If not, does the Single-process deployable war model make it possible to
run without "dbsuperusername/password"?

Thanks,

  //david

Re: PostgresSQL and DB Superuser

[Karl Wright <da...@gmail.com>]

Hi David,

If you are running in multiprocess mode, database initialization is a
separate step.  Once the database initialization step has been done, it's
no longer necessary for the "superuser" to have superuser powers.  However,
when you upgrade, you will need to remember to give that user back
superuser powers, or the upgrade will fail.

For single-process, though, it's a different story; the database
initialization/upgrade happens on every start.  So there's no way to get
around needing a superuser involved in that case.  You can maybe play with
reducing permissions so that that user has only read permissions; unless
there is an actual need for an upgrade step that might be sufficient.

Thanks,
Karl


On Thu, Oct 26, 2017 at 5:06 PM, Hotchkiss, David <dh...@iso-ne.com>
wrote:

> Hello Everyone,
>
> When using the Quick-start single process model: After the System
> Database has been initialized, is it possible to run without a valid
> "dbsuperusername" and "dbsuperuserpassword" when configured for
> PostgreSQL?
>
> In effect, we'd like to bypass the call to
> ManifoldCF.createSystemDatabase(...) once the database has been created.
>
> If not, does the Single-process deployable war model make it possible to
> run without "dbsuperusername/password"?
>
> Thanks,
>
>   //david
>