robin.thoni
/
docker-postgres-backup
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 3 Wiki Activity
Browse Source

read only user

tags/9.6-1.1.0
Robin Thoni 7 years ago
parent
75a910fdbf
commit
aaaf91cd1e
1 changed files with 23 additions and 12 deletions
Split View Show Diff Stats
  1. 23
    12
      docker-entrypoint-initdb-core.d/1.1.0_02_master_create_ro_user.sh

+ 23
- 12
docker-entrypoint-initdb-core.d/1.1.0_02_master_create_ro_user.sh View File 

@@ -7,19 +7,30 @@ then
7 7 
 fi
8 8
9 9 
 psql <<-EOF
10 
-  CREATE USER "${POSTGRES_RO_USER}"
11 
-    NOSUPERUSER
12 
-    NOCREATEDB
13 
-    NOCREATEROLE
14 
-    LOGIN
15 
-    ENCRYPTED PASSWORD '${POSTGRES_RO_PASSWORD}';
10 
+CREATE USER ${POSTGRES_RO_USER} WITH ENCRYPTED PASSWORD '${POSTGRES_RO_PASSWORD}';-- NOINHERIT;
16 11
17 
-  REVOKE ALL ON DATABASE ${POSTGRES_DB} FROM ${POSTGRES_RO_USER};
18 
-  GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_RO_USER};
12 
+\c ${POSTGRES_DB}
19 13
20 
-  REVOKE ALL ON SCHEMA public FROM ${POSTGRES_RO_USER};
21 
-  GRANT USAGE ON SCHEMA public TO ${POSTGRES_RO_USER};
14 
+REVOKE ALL ON DATABASE ${POSTGRES_DB} FROM ${POSTGRES_RO_USER};
15 
+GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_RO_USER};
16 
+
17 
+REVOKE ALL ON SCHEMA public FROM ${POSTGRES_RO_USER};
18 
+REVOKE CREATE ON SCHEMA public FROM ${POSTGRES_RO_USER};
19 
+GRANT USAGE ON SCHEMA public TO ${POSTGRES_RO_USER};
20 
+
21 
+REVOKE ALL ON ALL TABLES IN SCHEMA public FROM ${POSTGRES_RO_USER};
22 
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_RO_USER};
23 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM ${POSTGRES_RO_USER};
24 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_RO_USER};
25 
+
26 
+REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM ${POSTGRES_RO_USER};
27 
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO ${POSTGRES_RO_USER};
28 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM ${POSTGRES_RO_USER};
29 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON SEQUENCES TO ${POSTGRES_RO_USER};
30 
+
31 
+REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM ${POSTGRES_RO_USER};
32 
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO ${POSTGRES_RO_USER};
33 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON FUNCTIONS FROM ${POSTGRES_RO_USER};
34 
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO ${POSTGRES_RO_USER};
22 35
23 
-  GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_RO_USER};
24 
-  ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_RO_USER};
25 36 
 EOF

Write Preview
Loading…
Cancel
Save