samuel/netoik-db
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: restrict access to postgres socket

Browse Source
This commit is contained in:
samuel
2026-02-24 13:37:10 +01:00
parent fe30792dbf
commit 727fa6370f
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
files/postgres/postgresql.conf
View File

@@ -18,6 +18,9 @@ hba_file = '/etc/postgres/pg_hba.conf'
# because we want only uni socket connections # because we want only uni socket connections
listen_addresses = '' listen_addresses = ''
# Forbide access to users not in group postgres
unix_socket_permissions = 0770
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# REPORTING AND LOGGING # REPORTING AND LOGGING

4
netoik-db.spec
View File

@@ -34,7 +34,8 @@ systemctl restart postgresql.service
# Create databases and users from DB_USERS variable (separator is ",") if not existing # Create databases and users from DB_USERS variable (separator is ",") if not existing
IFS="," read -ra users <<< "$DB_USERS"; IFS="," read -ra users <<< "$DB_USERS";
for user in "${users[@]}"; do for user in "${users[@]}"; do
if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --invert-match postgres | grep --quiet "$user"; then usermod --append --groups postgres "$user";
if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet "$user"; then
runuser --user=postgres -- createuser "$user" runuser --user=postgres -- createuser "$user"
runuser --user=postgres -- createdb --owner="$user" "$user" runuser --user=postgres -- createdb --owner="$user" "$user"
fi fi
@@ -50,4 +51,3 @@ done
%changelog %changelog
%autochangelog %autochangelog