Assign the fixed user id 1 to the user created by initdb.
A stand-alone backend will always set the user id to 1.
(Consequently, the name of that user is no longer important.)
In stand-alone mode, the user id 1 will have implicit superuser
status, to allow repairs even if there are no users defined.
Print a warning message when starting in stand-alone mode when no
users are defined.
Disallow dropping the current user and session user.
Granting/revoking superuser status also grants/revokes usecatupd.
(Previously, it would never grant it back. This could lead to "deadlocks".)
CREATE USER and CREATE GROUP will start allocating user ids at 100
(unless explicitly specified), to prevent accidental creation of a
superuser (plus some room for future extensions).
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/initdb.sgml,v 1.16 2001/09/03 12:57:50 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/initdb.sgml,v 1.17 2001/09/08 15:24:00 petere Exp $
Postgres documentation
-->
</docinfo>
<refmeta>
- <refentrytitle id="APP-INITDB-TITLE"><application>initdb</application></refentrytitle>
+ <refentrytitle id="APP-INITDB-TITLE">initdb</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo>Application</refmiscinfo>
</refmeta>
<group choice="plain">
<arg>--pgdata </arg>
<arg>-D </arg>
- <replaceable>dbdir</replaceable>
+ <replaceable>directory</replaceable>
</group>
<group>
- <arg>--sysid </arg>
- <arg>-i </arg>
- <replaceable>sysid</replaceable>
+ <arg>--username </arg>
+ <arg>-U </arg>
+ <replaceable>username</replaceable>
</group>
<group><arg>--pwprompt</arg><arg>-W</arg></group>
<group>
Description
</title>
<para>
- <application>initdb</application> creates a new
- <productname>Postgres</productname> database cluster or system. A
- database cluster is a collection of databases that are managed by a
- single postmaster.
+ <command>initdb</command> creates a new
+ <productname>PostgreSQL</productname> database cluster (or database
+ system). A database cluster is a collection of databases that are
+ managed by a single server instance.
</para>
+
<para>
Creating a database system consists of creating the directories in which
the database data will live, generating the shared catalog tables
</para>
<para>
- You must not execute <application>initdb</application> as root; it must
- be run by the Unix user account that will run the database server.
- This is because you cannot run the database server as root either, but the
- server needs to have access to the files <application>initdb</application>
- creates. Furthermore, during the initialization phase, when there are no
- users and no access controls installed, <productname>Postgres</productname>
- will only connect with
- the name of the current Unix user, so you must log in under the account
- that will own the server process.
+ <command>initdb</command> must be run as the user that will own the
+ server process, because the server needs to have access to the
+ files and directories that <command>initdb</command> creates.
+ Since the server may not be run as root, you must not run
+ <command>initdb</command> as root either. (It will in fact refuse
+ to do so.)
</para>
<para>
- Although <application>initdb</application> will attempt to create the
+ Although <command>initdb</command> will attempt to create the
specified data directory, often it won't have permission to do so,
since the parent of the desired data directory is often a root-owned
directory. To set up an arrangement like this, create an empty data
- directory as root, then use <application>chown</application> to hand over
+ directory as root, then use <command>chown</command> to hand over
ownership of that directory to the database user account, then
- <application>su</application> to become the database user, and
- finally run <application>initdb</application> as the database user.
+ <command>su</command> to become the database user, and
+ finally run <command>initdb</command> as the database user.
</para>
<refsect2>
<para>
<variablelist>
<varlistentry>
- <term>--pgdata=<replaceable class="parameter">dbdir</replaceable></term>
- <term>-D <replaceable class="parameter">dbdir</replaceable></term>
+ <term>--pgdata=<replaceable class="parameter">directory</replaceable></term>
+ <term>-D <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- This option specifies where in the file system the database
+ This option specifies the directory where the database system
should be stored. This is the only information required by
- <application>initdb</application>, but you can avoid writing it by
+ <command>initdb</command>, but you can avoid writing it by
setting the <envar>PGDATA</envar> environment variable, which
can be convenient since the database server
- (<filename>postmaster</filename>) can find the database
+ (<command>postmaster</command>) can find the database
directory later by the same variable.
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>--sysid=<replaceable class="parameter">sysid</replaceable></term>
- <term>-i <replaceable class="parameter">sysid</replaceable></term>
+ <term>--username=<replaceable class="parameter">username</replaceable></term>
+ <term>-U <replaceable class="parameter">username</replaceable></term>
<listitem>
<para>
- Selects the system id of the database superuser. This defaults
- to the effective user id of the user running
- <application>initdb</application>. It is really not important
- what the superuser's sysid is, but one might choose to start
- the numbering at some number like 1.
+ Selects the user name of the database superuser. This defaults
+ to the name of the effective user running
+ <command>initdb</command>. It is really not important what the
+ superuser's name is, but one might choose to keep the
+ customary name <quote>postgres</quote>, even if the operating
+ system user's name is different.
</para>
</listitem>
</varlistentry>
<term>-W</term>
<listitem>
<para>
- Makes <application>initdb</application> prompt for a password
+ Makes <command>initdb</command> prompt for a password
to give the database superuser. If you don't plan on using password
authentication, this is not important. Otherwise you won't be
able to use password authentication until you have a password
<term>-L <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- Specifies where <application>initdb</application> should find
+ Specifies where <command>initdb</command> should find
its input files to initialize the database system. This is
normally not necessary. You will be told if you need to
specify their location explicitly.
<term>-n</term>
<listitem>
<para>
- By default, when <application>initdb</application>
+ By default, when <command>initdb</command>
determines that an error prevented it from completely creating the database
system, it removes any files it may have created before discovering
that it can't finish the job. This option inhibits tidying-up and is
<para>
Print debugging output from the bootstrap backend and a few other
messages of lesser interest for the general public.
- The bootstrap backend is the program <application>initdb</application>
+ The bootstrap backend is the program <command>initdb</command>
uses to create the catalog tables. This option generates a tremendous
amount of extremely boring output.
</para>
</refsect1>
<refsect1>
- <title>See also</title>
+ <title>Environment</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><envar>PGDATA</envar></term>
+
+ <listitem>
+ <para>
+ Specifies the directory where the database system is to be
+ stored; may be overridden using the <option>-D</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
- <simpara>
- <citetitle>PostgreSQL Administrator's Guide</citetitle>
- </simpara>
+ <simplelist type="inline">
+ <member><xref linkend="app-postgres"></member>
+ <member><xref linkend="app-postmaster"></member>
+ <member><citetitle>PostgreSQL Administrator's Guide</citetitle></member>
+ </simplelist>
</refsect1>
</refentry>
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/postgres-ref.sgml,v 1.18 2001/09/03 12:57:50 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/postgres-ref.sgml,v 1.19 2001/09/08 15:24:00 petere Exp $
Postgres documentation
-->
<arg>-i</arg>
<arg>-L</arg>
<arg>-N</arg>
- <arg>-o <replaceable>file-name</replaceable></arg>
+ <arg>-o <replaceable>filename</replaceable></arg>
<arg>-O</arg>
<arg>-P</arg>
<group>
<arg>-F</arg>
<arg>-i</arg>
<arg>-L</arg>
- <arg>-o <replaceable>file-name</replaceable></arg>
+ <arg>-o <replaceable>filename</replaceable></arg>
<arg>-O</arg>
<arg>-p <replaceable>database</replaceable></arg>
<arg>-P</arg>
</para>
<para>
- When running a stand-alone backend the session user name will
- automatically be set to the current effective Unix user name. If
- that user does not exist the server will not start.
+ When running a stand-alone backend, the session user will be set to
+ the user with id 1. This user does not actually have to exist, so
+ a stand-alone backend can be used to manually recover from certain
+ kinds of accidental damage to the system catalogs. Implicit
+ superuser powers are granted to the user with id 1 in stand-alone
+ mode.
</para>
<refsect2>
</varlistentry>
<varlistentry>
- <term>-o <replaceable class="parameter">file-name</replaceable></term>
+ <term>-o <replaceable class="parameter">filename</replaceable></term>
<listitem>
<para>
Sends all debugging and error output to
- <replaceable class="parameter">OutputFile</replaceable>.
+ <replaceable class="parameter">filename</replaceable>.
If the backend is running under the <application>postmaster</application>,
error messages are still sent to the frontend process as well as to
- <replaceable class="parameter">OutputFile</replaceable>,
+ <replaceable class="parameter">filename</replaceable>,
but debugging output is sent to the controlling tty of the
<application>postmaster</application>
(since only one file descriptor can be sent to an actual file).
</refsect1>
<refsect1>
- <title>See also</title>
+ <title>See Also</title>
<para>
<xref linkend="app-initdb">,
<para>
In order to bootstrap the database system, a freshly initialized
- system always contains one predefined user. This user will have
- the same name as the operating system user that initialized the
- area (and is presumably being used as the user that runs the
- server). Thus, often an initial user <quote>postgres</quote>
- exists. In order to create more users you have to first connect as
- this initial user.
+ system always contains one predefined user. This user will have the
+ fixed id 1, and by default (unless altered when running
+ <command>initdb</command>) it will have the same name as the
+ operating system user that initialized the area (and is presumably
+ being used as the user that runs the server). Customarily, this user
+ will be called <quote>postgres</quote>. In order to create more
+ users you have to first connect as this initial user.
</para>
<para>
#
#
# IDENTIFICATION
-# $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.23 2001/08/26 16:55:59 tgl Exp $
+# $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.24 2001/09/08 15:24:00 petere Exp $
#
# NOTES
# non-essential whitespace is removed from the generated file.
-e "s/[ ]TransactionId/ xid/g" \
-e "s/^TransactionId/xid/g" \
-e "s/(TransactionId/(xid/g" \
+ -e "s/PGUID/1/g" \
-e "s/NAMEDATALEN/$NAMEDATALEN/g" \
-e "s/DEFAULT_ATTSTATTARGET/$DEFAULTATTSTATTARGET/g" \
-e "s/INDEX_MAX_KEYS\*2/$INDEXMAXKEYS2/g" \
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.83 2001/09/08 15:24:00 petere Exp $
*
*-------------------------------------------------------------------------
*/
bool user_exists = false,
sysid_exists = false,
havesysid = false;
- int max_id = -1;
+ int max_id;
List *item, *option;
char *password = NULL; /* PostgreSQL user password */
bool encrypt_password = Password_encryption; /* encrypt password? */
if (dsysid)
{
sysid = intVal(dsysid->arg);
+ if (sysid <= 0)
+ elog(ERROR, "user id must be positive");
havesysid = true;
}
if (dvalidUntil)
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, NULL);
+ max_id = 99; /* start auto-assigned ids at 100 */
while (!user_exists && !sysid_exists &&
HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
{
new_record[Anum_pg_shadow_usetrace - 1] = heap_getattr(tuple, Anum_pg_shadow_usetrace, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usetrace - 1] = null ? 'n' : ' ';
- /* createuser (superuser) */
+ /*
+ * createuser (superuser) and catupd
+ *
+ * XXX It's rather unclear how to handle catupd. It's probably
+ * best to keep it equal to the superuser status, otherwise you
+ * could end up with a situation where no existing superuser can
+ * alter the catalogs, including pg_shadow!
+ */
if (createuser < 0)
{
/* don't change */
new_record[Anum_pg_shadow_usesuper - 1] = heap_getattr(tuple, Anum_pg_shadow_usesuper, pg_shadow_dsc, &null);
new_record_nulls[Anum_pg_shadow_usesuper - 1] = null ? 'n' : ' ';
+
+ new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null);
+ new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' ';
}
else
{
new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser > 0);
new_record_nulls[Anum_pg_shadow_usesuper - 1] = ' ';
- }
- /* catupd - set to false if someone's superuser priv is being yanked */
- if (createuser == 0)
- {
- new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(false);
+ new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser > 0);
new_record_nulls[Anum_pg_shadow_usecatupd - 1] = ' ';
}
- else
- {
- /* leave alone */
- new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null);
- new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' ';
- }
/* password */
if (password)
usesysid = DatumGetInt32(heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null));
+ if (usesysid == GetUserId())
+ elog(ERROR, "current user cannot be dropped");
+ if (usesysid == GetSessionUserId())
+ elog(ERROR, "session user cannot be dropped");
+
/*
* Check if user still owns a database. If so, error out.
*
bool group_exists = false,
sysid_exists = false,
havesysid = false;
- int max_id = 0;
+ int max_id;
Datum new_record[Natts_pg_group];
char new_record_nulls[Natts_pg_group];
List *item,
if (dsysid)
{
sysid = intVal(dsysid->arg);
+ if (sysid <= 0)
+ elog(ERROR, "group id must be positive");
havesysid = true;
}
pg_group_dsc = RelationGetDescr(pg_group_rel);
scan = heap_beginscan(pg_group_rel, false, SnapshotNow, 0, NULL);
+ max_id = 99; /* start auto-assigned ids at 100 */
while (!group_exists && !sysid_exists &&
HeapTupleIsValid(tuple = heap_getnext(scan, false)))
{
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.76 2001/08/15 07:07:40 ishii Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.77 2001/09/08 15:24:00 petere Exp $
*
*-------------------------------------------------------------------------
*/
}
+void
+InitializeSessionUserIdStandalone(void)
+{
+ /* This function should only be called in a single-user backend. */
+ AssertState(!IsUnderPostmaster);
+
+ /* call only once */
+ AssertState(!OidIsValid(SessionUserId));
+
+ SetSessionUserId(BOOTSTRAP_USESYSID);
+ AuthenticatedUserIsSuperuser = true;
+}
+
+
/*
* Change session auth ID while running
*/
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.90 2001/09/07 00:27:29 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.91 2001/09/08 15:24:00 petere Exp $
*
*
*-------------------------------------------------------------------------
#include "access/heapam.h"
#include "catalog/catname.h"
#include "catalog/pg_database.h"
+#include "catalog/pg_shadow.h"
#include "commands/trigger.h"
#include "commands/variable.h" /* for set_default_client_encoding() */
#include "mb/pg_wchar.h"
static void ReverifyMyDatabase(const char *name);
static void InitCommunication(void);
static void ShutdownPostgres(void);
+static bool ThereIsAtLeastOneUser(void);
int lockingOff = 0; /* backend -L switch */
LockDisable(true);
/*
- * Figure out our postgres user id. If bootstrapping, we can't
- * assume that pg_shadow exists yet, so fake it.
+ * Figure out our postgres user id. In standalone mode we use a
+ * fixed id, otherwise we figure it out from the authenticated
+ * user name.
*/
if (bootstrap)
- SetSessionUserId(geteuid());
+ InitializeSessionUserIdStandalone();
+ else if (!IsUnderPostmaster)
+ {
+ InitializeSessionUserIdStandalone();
+ if (!ThereIsAtLeastOneUser())
+ {
+ elog(NOTICE, "There are currently no users defined in this database system.");
+ elog(NOTICE, "You should immediately run 'CREATE USER \"%s\" WITH SYSID %d CREATEUSER;'.",
+ username, BOOTSTRAP_USESYSID);
+ }
+ }
else
+ /* normal multiuser case */
InitializeSessionUserId(username);
/*
*/
smgrDoPendingDeletes(false);/* delete as though aborting xact */
}
+
+
+
+/*
+ * Returns true if at least one user is defined in this database cluster.
+ */
+static bool
+ThereIsAtLeastOneUser(void)
+{
+ Relation pg_shadow_rel;
+ TupleDesc pg_shadow_dsc;
+ HeapScanDesc scan;
+ bool result;
+
+ pg_shadow_rel = heap_openr(ShadowRelationName, AccessExclusiveLock);
+ pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
+
+ scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, 0);
+ result = HeapTupleIsValid(heap_getnext(scan, 0));
+
+ heap_endscan(scan);
+ heap_close(pg_shadow_rel, AccessExclusiveLock);
+
+ return result;
+}
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.18 2001/06/13 21:44:41 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.19 2001/09/08 15:24:00 petere Exp $
*
*-------------------------------------------------------------------------
*/
bool result = false;
HeapTuple utup;
+ /* Special escape path in case you deleted all your users. */
+ if (!IsUnderPostmaster && GetUserId() == BOOTSTRAP_USESYSID)
+ return true;
+
utup = SearchSysCache(SHADOWSYSID,
ObjectIdGetDatum(GetUserId()),
0, 0, 0);
# Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
# Portions Copyright (c) 1994, Regents of the University of California
#
-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.136 2001/09/06 04:57:29 ishii Exp $
+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.137 2001/09/08 15:24:00 petere Exp $
#
#-------------------------------------------------------------------------
# user with the same name as the Unix user running it. That's
# a security measure.
POSTGRES_SUPERUSERNAME="$EffectiveUser"
-POSTGRES_SUPERUSERID=`$PGPATH/pg_id -u`
while [ "$#" -gt 0 ]
do
noclean=yes
echo "Running with noclean mode on. Mistakes will not be cleaned up."
;;
-# The sysid of the database superuser. Can be freely changed.
- --sysid|-i)
- POSTGRES_SUPERUSERID="$2"
+# The name of the database superuser. Can be freely changed.
+ --username|-U)
+ POSTGRES_SUPERUSERNAME="$2"
shift;;
- --sysid=*)
- POSTGRES_SUPERUSERID=`echo $1 | sed 's/^--sysid=//'`
+ --username=*)
+ POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^--username=//'`
;;
- -i*)
- POSTGRES_SUPERUSERID=`echo $1 | sed 's/^-i//'`
+ -U*)
+ POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^-U//'`
;;
# The default password of the database superuser.
# Make initdb prompt for the default password of the database superuser.
if [ -n "$MULTIBYTE" ] ; then
echo " -E, --encoding ENCODING Set the default multibyte encoding for new databases"
fi
- echo " -i, --sysid SYSID Database sysid for the superuser"
+ echo " -U, --username NAME Database superuser name"
echo "Less commonly used options: "
echo " -L DIRECTORY Where to find the input files"
echo " -d, --debug Generate lots of debugging output"
echo
echo "initdb variables:"
for var in PGDATA datadir PGPATH MULTIBYTE MULTIBYTEID \
- POSTGRES_SUPERUSERNAME POSTGRES_SUPERUSERID POSTGRES_BKI \
+ POSTGRES_SUPERUSERNAME POSTGRES_BKI \
POSTGRES_DESCR POSTGRESQL_CONF_SAMPLE \
PG_HBA_SAMPLE PG_IDENT_SAMPLE ; do
eval "echo ' '$var=\$$var"
trap 'echo "Caught signal." ; exit_nicely' 1 2 3 15
# Let's go
-echo "This database system will be initialized with user name \"$POSTGRES_SUPERUSERNAME\"."
-echo "This user will own all the data files and must also own the server process."
+echo "The files belonging to this database system will be owned by user \"$EffectiveUser\"."
+echo "This user must also own the server process."
echo
-
##########################################################################
#
# CREATE DATABASE DIRECTORY
cat "$POSTGRES_BKI" \
| sed -e "s/POSTGRES/$POSTGRES_SUPERUSERNAME/g" \
- -e "s/PGUID/$POSTGRES_SUPERUSERID/g" \
-e "s/ENCODING/$MULTIBYTEID/g" \
| "$PGPATH"/postgres -boot -x1 $PGSQL_OPT $BACKEND_TALK_ARG template1 \
|| exit_nicely
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: catversion.h,v 1.93 2001/08/26 16:56:00 tgl Exp $
+ * $Id: catversion.h,v 1.94 2001/09/08 15:24:00 petere Exp $
*
*-------------------------------------------------------------------------
*/
*/
/* yyyymmddN */
-#define CATALOG_VERSION_NO 200108251
+#define CATALOG_VERSION_NO 200109081
#endif
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: pg_shadow.h,v 1.13 2001/08/10 18:57:41 tgl Exp $
+ * $Id: pg_shadow.h,v 1.14 2001/09/08 15:24:00 petere Exp $
*
* NOTES
* the genbki.sh script reads this file and generates .bki
*/
DATA(insert ( "POSTGRES" PGUID t t t t _null_ _null_ ));
+#define BOOTSTRAP_USESYSID 1
+
#endif /* PG_SHADOW_H */
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: miscadmin.h,v 1.89 2001/08/15 18:42:15 momjian Exp $
+ * $Id: miscadmin.h,v 1.90 2001/09/08 15:24:00 petere Exp $
*
* NOTES
* some of the information in this file should be moved to
extern Oid GetSessionUserId(void);
extern void SetSessionUserId(Oid userid);
extern void InitializeSessionUserId(const char *username);
+extern void InitializeSessionUserIdStandalone(void);
extern void SetSessionAuthorization(const char *username);
extern void SetDataDir(const char *dir);
OSDN Git Service
