diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml index 9e94eccf76..bab8dcf108 100644 --- a/doc/src/sgml/ref/initdb.sgml +++ b/doc/src/sgml/ref/initdb.sgml @@ -1,5 +1,5 @@ @@ -9,7 +9,7 @@ Postgres documentation - initdb + initdb 1 Application @@ -25,12 +25,12 @@ Postgres documentation --pgdata -D - dbdir + directory - --sysid - -i - sysid + --username + -U + username --pwprompt-W @@ -49,11 +49,12 @@ Postgres documentation Description - initdb creates a new - Postgres database cluster or system. A - database cluster is a collection of databases that are managed by a - single postmaster. + initdb creates a new + PostgreSQL database cluster (or database + system). A database cluster is a collection of databases that are + managed by a single server instance. + Creating a database system consists of creating the directories in which the database data will live, generating the shared catalog tables 
@@ -66,26 +67,23 @@ Postgres documentation - You must not execute initdb as root; it must - be run by the Unix user account that will run the database server. - This is because you cannot run the database server as root either, but the - server needs to have access to the files initdb - creates. Furthermore, during the initialization phase, when there are no - users and no access controls installed, Postgres - will only connect with - the name of the current Unix user, so you must log in under the account - that will own the server process. + initdb must be run as the user that will own the + server process, because the server needs to have access to the + files and directories that initdb creates. + Since the server may not be run as root, you must not run + initdb as root either. (It will in fact refuse + to do so.) - Although initdb will attempt to create the + Although initdb will attempt to create the specified data directory, often it won't have permission to do so, since the parent of the desired data directory is often a root-owned directory. To set up an arrangement like this, create an empty data - directory as root, then use chown to hand over + directory as root, then use chown to hand over ownership of that directory to the database user account, then - su to become the database user, and - finally run initdb as the database user. + su to become the database user, and + finally run initdb as the database user. 
@@ -94,31 +92,32 @@ Postgres documentation - --pgdata=dbdir - -D dbdir + --pgdata=directory + -D directory - This option specifies where in the file system the database + This option specifies the directory where the database system should be stored. This is the only information required by - initdb, but you can avoid writing it by + initdb, but you can avoid writing it by setting the PGDATA environment variable, which can be convenient since the database server - (postmaster) can find the database + (postmaster) can find the database directory later by the same variable. - --sysid=sysid - -i sysid + --username=username + -U username - Selects the system id of the database superuser. This defaults - to the effective user id of the user running - initdb. It is really not important - what the superuser's sysid is, but one might choose to start - the numbering at some number like 1. + Selects the user name of the database superuser. This defaults + to the name of the effective user running + initdb. It is really not important what the + superuser's name is, but one might choose to keep the + customary name postgres, even if the operating + system user's name is different. @@ -128,7 +127,7 @@ Postgres documentation -W - Makes initdb prompt for a password + Makes initdb prompt for a password to give the database superuser. If you don't plan on using password authentication, this is not important. Otherwise you won't be able to use password authentication until you have a password @@ -162,7 +161,7 @@ Postgres documentation -L directory - Specifies where initdb should find + Specifies where initdb should find its input files to initialize the database system. This is normally not necessary. You will be told if you need to specify their location explicitly. 
@@ -175,7 +174,7 @@ Postgres documentation -n - By default, when initdb + By default, when initdb determines that an error prevented it from completely creating the database system, it removes any files it may have created before discovering that it can't finish the job. This option inhibits tidying-up and is @@ -191,7 +190,7 @@ Postgres documentation Print debugging output from the bootstrap backend and a few other messages of lesser interest for the general public. - The bootstrap backend is the program initdb + The bootstrap backend is the program initdb uses to create the catalog tables. This option generates a tremendous amount of extremely boring output. @@ -205,11 +204,30 @@ Postgres documentation - See also + Environment - - PostgreSQL Administrator's Guide - + + + PGDATA + + + + Specifies the directory where the database system is to be + stored; may be overridden using the option. + + + + + + + + See Also + + + + + PostgreSQL Administrator's Guide + diff --git a/doc/src/sgml/ref/postgres-ref.sgml b/doc/src/sgml/ref/postgres-ref.sgml index fda88ae1d4..839a1e86a7 100644 --- a/doc/src/sgml/ref/postgres-ref.sgml +++ b/doc/src/sgml/ref/postgres-ref.sgml @@ -1,5 +1,5 @@ @@ -35,7 +35,7 @@ Postgres documentation -i -L -N - -o file-name + -o filename -O -P @@ -58,7 +58,7 @@ Postgres documentation -F -i -L - -o file-name + -o filename -O -p database -P @@ -103,9 +103,12 @@ Postgres documentation - When running a stand-alone backend the session user name will - automatically be set to the current effective Unix user name. If - that user does not exist the server will not start. + When running a stand-alone backend, the session user will be set to + the user with id 1. This user does not actually have to exist, so + a stand-alone backend can be used to manually recover from certain + kinds of accidental damage to the system catalogs. Implicit + superuser powers are granted to the user with id 1 in stand-alone + mode. 
@@ -157,14 +160,14 @@ Postgres documentation - -o file-name + -o filename Sends all debugging and error output to - OutputFile. + filename. If the backend is running under the postmaster, error messages are still sent to the frontend process as well as to - OutputFile, + filename, but debugging output is sent to the controlling tty of the postmaster (since only one file descriptor can be sent to an actual file). @@ -359,7 +362,7 @@ Postgres documentation - See also + See Also , diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 12b4bfe9a5..0da598fbf4 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -34,12 +34,13 @@ CREATE USER name In order to bootstrap the database system, a freshly initialized - system always contains one predefined user. This user will have - the same name as the operating system user that initialized the - area (and is presumably being used as the user that runs the - server). Thus, often an initial user postgres - exists. In order to create more users you have to first connect as - this initial user. + system always contains one predefined user. This user will have the + fixed id 1, and by default (unless altered when running + initdb) it will have the same name as the + operating system user that initialized the area (and is presumably + being used as the user that runs the server). Customarily, this user + will be called postgres. In order to create more + users you have to first connect as this initial user. diff --git a/src/backend/catalog/genbki.sh b/src/backend/catalog/genbki.sh index 25c8d7d2d4..850c329579 100644 --- a/src/backend/catalog/genbki.sh +++ b/src/backend/catalog/genbki.sh 
@@ -10,7 +10,7 @@ # # # IDENTIFICATION -# $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.23 2001/08/26 16:55:59 tgl Exp $ +# $Header: /cvsroot/pgsql/src/backend/catalog/Attic/genbki.sh,v 1.24 2001/09/08 15:24:00 petere Exp $ # # NOTES # non-essential whitespace is removed from the generated file. @@ -183,6 +183,7 @@ sed -e "s/;[ ]*$//g" \ -e "s/[ ]TransactionId/ xid/g" \ -e "s/^TransactionId/xid/g" \ -e "s/(TransactionId/(xid/g" \ + -e "s/PGUID/1/g" \ -e "s/NAMEDATALEN/$NAMEDATALEN/g" \ -e "s/DEFAULT_ATTSTATTARGET/$DEFAULTATTSTATTARGET/g" \ -e "s/INDEX_MAX_KEYS\*2/$INDEXMAXKEYS2/g" \ diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index d830dfdfc9..122a490361 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.83 2001/09/08 15:24:00 petere Exp $ * *------------------------------------------------------------------------- */ @@ -198,7 +198,7 @@ CreateUser(CreateUserStmt *stmt) bool user_exists = false, sysid_exists = false, havesysid = false; - int max_id = -1; + int max_id; List *item, *option; char *password = NULL; /* PostgreSQL user password */ bool encrypt_password = Password_encryption; /* encrypt password? */ @@ -268,6 +268,8 @@ CreateUser(CreateUserStmt *stmt) if (dsysid) { sysid = intVal(dsysid->arg); + if (sysid <= 0) + elog(ERROR, "user id must be positive"); havesysid = true; } if (dvalidUntil) 
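Review bot: The literal `1` in the added `-e "s/PGUID/1/g"` expression duplicates the value that this same commit defines as `BOOTSTRAP_USESYSID` in src/include/catalog/pg_shadow.h, and nothing ties the two together. If one is changed without the other, the bootstrap row generated for pg_shadow and the id that the standalone backend treats as superuser would disagree. A comment above the sed pipeline such as `# PGUID must stay equal to BOOTSTRAP_USESYSID in catalog/pg_shadow.h` would record the dependency, with a matching comment on the `#define` in the pg_shadow.h hunk. The sed command itself starts outside this hunk.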
@@ -294,6 +296,7 @@ CreateUser(CreateUserStmt *stmt) pg_shadow_dsc = RelationGetDescr(pg_shadow_rel); scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, NULL); + max_id = 99; /* start auto-assigned ids at 100 */ while (!user_exists && !sysid_exists && HeapTupleIsValid(tuple = heap_getnext(scan, 0))) { @@ -550,31 +553,31 @@ AlterUser(AlterUserStmt *stmt) new_record[Anum_pg_shadow_usetrace - 1] = heap_getattr(tuple, Anum_pg_shadow_usetrace, pg_shadow_dsc, &null); new_record_nulls[Anum_pg_shadow_usetrace - 1] = null ? 'n' : ' '; - /* createuser (superuser) */ + /* + * createuser (superuser) and catupd + * + * XXX It's rather unclear how to handle catupd. It's probably + * best to keep it equal to the superuser status, otherwise you + * could end up with a situation where no existing superuser can + * alter the catalogs, including pg_shadow! + */ if (createuser < 0) { /* don't change */ new_record[Anum_pg_shadow_usesuper - 1] = heap_getattr(tuple, Anum_pg_shadow_usesuper, pg_shadow_dsc, &null); new_record_nulls[Anum_pg_shadow_usesuper - 1] = null ? 'n' : ' '; + + new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null); + new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' '; } else { new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser > 0); new_record_nulls[Anum_pg_shadow_usesuper - 1] = ' '; - } - /* catupd - set to false if someone's superuser priv is being yanked */ - if (createuser == 0) - { - new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(false); + new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser > 0); new_record_nulls[Anum_pg_shadow_usecatupd - 1] = ' '; } - else - { - /* leave alone */ - new_record[Anum_pg_shadow_usecatupd - 1] = heap_getattr(tuple, Anum_pg_shadow_usecatupd, pg_shadow_dsc, &null); - new_record_nulls[Anum_pg_shadow_usecatupd - 1] = null ? 'n' : ' '; - } /* password */ if (password) 
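Review bot: `max_id = 99` introduces an unnamed reserved range that the explicit path does not honour, because the check added earlier in CreateUser rejects only `sysid <= 0` and `WITH SYSID` can still place a user below 100. If ids under 100 are meant to be kept for the bootstrap user and similar, the comment should say so and the literal deserves a name, for example `#define FIRST_AUTO_SYSID 100` (name illustrative). The same literal is repeated in the CreateGroup hunk. The initializer was also removed from the declaration (`int max_id;`), leaving the variable indeterminate until this line; `int max_id = 99;` at the declaration would be simpler. CreateUser's body extends outside both hunks.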
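Review bot: In the `else` branch `usecatupd` is now overwritten with `BoolGetDatum(createuser > 0)`, so a statement that sets `createuser > 0` for someone who is already a superuser turns direct catalog updates back on, even if an administrator had deliberately cleared that flag in pg_shadow. The XXX comment explains why the two flags are kept equal but not this side effect. I would add a sentence to it such as `Note that granting superuser status always sets usecatupd as well, overriding any manual change to pg_shadow.` so the behaviour reads as a decision rather than a surprise. AlterUser's body continues outside the hunk.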
@@ -692,6 +695,11 @@ DropUser(DropUserStmt *stmt) usesysid = DatumGetInt32(heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null)); + if (usesysid == GetUserId()) + elog(ERROR, "current user cannot be dropped"); + if (usesysid == GetSessionUserId()) + elog(ERROR, "session user cannot be dropped"); + /* * Check if user still owns a database. If so, error out. * @@ -825,7 +833,7 @@ CreateGroup(CreateGroupStmt *stmt) bool group_exists = false, sysid_exists = false, havesysid = false; - int max_id = 0; + int max_id; Datum new_record[Natts_pg_group]; char new_record_nulls[Natts_pg_group]; List *item, @@ -859,6 +867,8 @@ CreateGroup(CreateGroupStmt *stmt) if (dsysid) { sysid = intVal(dsysid->arg); + if (sysid <= 0) + elog(ERROR, "group id must be positive"); havesysid = true; } @@ -875,6 +885,7 @@ CreateGroup(CreateGroupStmt *stmt) pg_group_dsc = RelationGetDescr(pg_group_rel); scan = heap_beginscan(pg_group_rel, false, SnapshotNow, 0, NULL); + max_id = 99; /* start auto-assigned ids at 100 */ while (!group_exists && !sysid_exists && HeapTupleIsValid(tuple = heap_getnext(scan, false))) { diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index a57f3d2624..e6da787bc4 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.76 2001/08/15 07:07:40 ishii Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.77 2001/09/08 15:24:00 petere Exp $ * *------------------------------------------------------------------------- */ 
@@ -476,6 +476,20 @@ InitializeSessionUserId(const char *username) } +void +InitializeSessionUserIdStandalone(void) +{ + /* This function should only be called in a single-user backend. */ + AssertState(!IsUnderPostmaster); + + /* call only once */ + AssertState(!OidIsValid(SessionUserId)); + + SetSessionUserId(BOOTSTRAP_USESYSID); + AuthenticatedUserIsSuperuser = true; +} + + /* * Change session auth ID while running */ diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 51c95fb141..60338397db 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.90 2001/09/07 00:27:29 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.91 2001/09/08 15:24:00 petere Exp $ * * *------------------------------------------------------------------------- @@ -25,6 +25,7 @@ #include "access/heapam.h" #include "catalog/catname.h" #include "catalog/pg_database.h" +#include "catalog/pg_shadow.h" #include "commands/trigger.h" #include "commands/variable.h" /* for set_default_client_encoding() */ #include "mb/pg_wchar.h" @@ -43,6 +44,7 @@ static void ReverifyMyDatabase(const char *name); static void InitCommunication(void); static void ShutdownPostgres(void); +static bool ThereIsAtLeastOneUser(void); int lockingOff = 0; /* backend -L switch */ 
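Review bot: The only guards in InitializeSessionUserIdStandalone are `AssertState` calls, yet the function sets `AuthenticatedUserIsSuperuser = true` unconditionally. If assertions are compiled out in production builds, as is usual for assert-style macros (not shown on this page), a call from a postmaster child would grant superuser with no check at all. A runtime test costs nothing on this path: `if (IsUnderPostmaster) elog(FATAL, "InitializeSessionUserIdStandalone called under postmaster");`. The function also has no header comment, unlike the one that follows it; something like `/* Set the session user to the fixed bootstrap id and mark it superuser; for bootstrap and standalone backends only. */` would do.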
@@ -329,12 +331,24 @@ InitPostgres(const char *dbname, const char *username) LockDisable(true); /* - * Figure out our postgres user id. If bootstrapping, we can't - * assume that pg_shadow exists yet, so fake it. + * Figure out our postgres user id. In standalone mode we use a + * fixed id, otherwise we figure it out from the authenticated + * user name. */ if (bootstrap) - SetSessionUserId(geteuid()); + InitializeSessionUserIdStandalone(); + else if (!IsUnderPostmaster) + { + InitializeSessionUserIdStandalone(); + if (!ThereIsAtLeastOneUser()) + { + elog(NOTICE, "There are currently no users defined in this database system."); + elog(NOTICE, "You should immediately run 'CREATE USER \"%s\" WITH SYSID %d CREATEUSER;'.", + username, BOOTSTRAP_USESYSID); + } + } else + /* normal multiuser case */ InitializeSessionUserId(username); /* @@ -406,3 +420,28 @@ ShutdownPostgres(void) */ smgrDoPendingDeletes(false);/* delete as though aborting xact */ } + + + +/* + * Returns true if at least one user is defined in this database cluster. + */ +static bool +ThereIsAtLeastOneUser(void) +{ + Relation pg_shadow_rel; + TupleDesc pg_shadow_dsc; + HeapScanDesc scan; + bool result; + + pg_shadow_rel = heap_openr(ShadowRelationName, AccessExclusiveLock); + pg_shadow_dsc = RelationGetDescr(pg_shadow_rel); + + scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, 0); + result = HeapTupleIsValid(heap_getnext(scan, 0)); + + heap_endscan(scan); + heap_close(pg_shadow_rel, AccessExclusiveLock); + + return result; +} diff --git a/src/backend/utils/misc/superuser.c b/src/backend/utils/misc/superuser.c index 73cfe8cb97..2f09202848 100644 --- a/src/backend/utils/misc/superuser.c +++ b/src/backend/utils/misc/superuser.c 
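Review bot: The second NOTICE builds a ready-to-paste command by placing `username` between `\"` characters, so a name that contains a double quote produces a command that does not parse as intended, and the hunk does not show whether `username` can be NULL for a standalone backend. Since the session already runs as id `BOOTSTRAP_USESYSID` whatever the name is, the message could drop the interpolation: `elog(NOTICE, "You should immediately run 'CREATE USER name WITH SYSID %d CREATEUSER;'.", BOOTSTRAP_USESYSID);`. The comment above the branch should also state that the standalone path takes no user name and grants superuser, so protection of the cluster rests on who can access the data directory. InitPostgres starts and ends outside the hunk.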
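Review bot: ThereIsAtLeastOneUser opens pg_shadow with `AccessExclusiveLock` although it only reads a single tuple; `AccessShareLock` in both `heap_openr` and `heap_close` is sufficient and does not rely on the caller being the only backend. `pg_shadow_dsc` is assigned from `RelationGetDescr` but never used and can be dropped. The last argument of `heap_beginscan` would read better as `NULL`, matching the calls in user.c.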
@@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.18 2001/06/13 21:44:41 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.19 2001/09/08 15:24:00 petere Exp $ * *------------------------------------------------------------------------- */ @@ -34,6 +34,10 @@ superuser(void) bool result = false; HeapTuple utup; + /* Special escape path in case you deleted all your users. */ + if (!IsUnderPostmaster && GetUserId() == BOOTSTRAP_USESYSID) + return true; + utup = SearchSysCache(SHADOWSYSID, ObjectIdGetDatum(GetUserId()), 0, 0, 0); diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh index 16f7cb95d3..ae16fe1c0e 100644 --- a/src/bin/initdb/initdb.sh +++ b/src/bin/initdb/initdb.sh @@ -27,7 +27,7 @@ # Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group # Portions Copyright (c) 1994, Regents of the University of California # -# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.136 2001/09/06 04:57:29 ishii Exp $ +# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.137 2001/09/08 15:24:00 petere Exp $ # #------------------------------------------------------------------------- @@ -183,7 +183,6 @@ show_setting= # user with the same name as the Unix user running it. That's # a security measure. POSTGRES_SUPERUSERNAME="$EffectiveUser" -POSTGRES_SUPERUSERID=`$PGPATH/pg_id -u` while [ "$#" -gt 0 ] do 
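Review bot: The comment on the new early return in superuser() undersells what it does: in any backend not running under the postmaster, the function now returns true for id `BOOTSTRAP_USESYSID` without looking at pg_shadow, so a row for that id with usesuper false is ignored. That is the intended recovery path, but it means the only control over it is who can start a standalone backend on the data directory. I would write the comment as `/* In a standalone backend the bootstrap id is always superuser, whether or not pg_shadow has a row for it; this is the recovery path if all users were deleted. */`. superuser()'s body continues outside the hunk.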
@@ -207,15 +206,15 @@ do noclean=yes echo "Running with noclean mode on. Mistakes will not be cleaned up." ;; -# The sysid of the database superuser. Can be freely changed. - --sysid|-i) - POSTGRES_SUPERUSERID="$2" +# The name of the database superuser. Can be freely changed. + --username|-U) + POSTGRES_SUPERUSERNAME="$2" shift;; - --sysid=*) - POSTGRES_SUPERUSERID=`echo $1 | sed 's/^--sysid=//'` + --username=*) + POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^--username=//'` ;; - -i*) - POSTGRES_SUPERUSERID=`echo $1 | sed 's/^-i//'` + -U*) + POSTGRES_SUPERUSERNAME=`echo $1 | sed 's/^-U//'` ;; # The default password of the database superuser. # Make initdb prompt for the default password of the database superuser. @@ -276,7 +275,7 @@ if [ "$usage" ]; then if [ -n "$MULTIBYTE" ] ; then echo " -E, --encoding ENCODING Set the default multibyte encoding for new databases" fi - echo " -i, --sysid SYSID Database sysid for the superuser" + echo " -U, --username NAME Database superuser name" echo "Less commonly used options: " echo " -L DIRECTORY Where to find the input files" echo " -d, --debug Generate lots of debugging output" @@ -343,7 +342,7 @@ then echo echo "initdb variables:" for var in PGDATA datadir PGPATH MULTIBYTE MULTIBYTEID \ - POSTGRES_SUPERUSERNAME POSTGRES_SUPERUSERID POSTGRES_BKI \ + POSTGRES_SUPERUSERNAME POSTGRES_BKI \ POSTGRES_DESCR POSTGRESQL_CONF_SAMPLE \ PG_HBA_SAMPLE PG_IDENT_SAMPLE ; do eval "echo ' '$var=\$$var" @@ -384,11 +383,10 @@ done trap 'echo "Caught signal." ; exit_nicely' 1 2 3 15 # Let's go -echo "This database system will be initialized with user name \"$POSTGRES_SUPERUSERNAME\"." -echo "This user will own all the data files and must also own the server process." +echo "The files belonging to this database system will be owned by user \"$EffectiveUser\"." +echo "This user must also own the server process." echo - ########################################################################## # # CREATE DATABASE DIRECTORY 
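Review bot: `POSTGRES_SUPERUSERNAME` is now taken from the command line with no validation, and the last initdb.sh hunk shows it being substituted into `sed -e "s/POSTGRES/$POSTGRES_SUPERUSERNAME/g"`, whose output is piped to the bootstrap backend. A name containing `/`, `&`, a backslash, quotes or whitespace would corrupt that expression or the generated catalog input, whereas the previous value came only from `$EffectiveUser`. A check after option parsing would close this, for example `case "$POSTGRES_SUPERUSERNAME" in *[!A-Za-z0-9_]*) echo "initdb: invalid superuser name" 1>&2; exit 1;; esac`, with the character class adjusted to what the backend accepts as a name. `$1` in the two `echo $1 | sed` lines should also be quoted, and the comment above the option loop that calls the matching Unix user name "a security measure" is stale once -U can override it.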
@@ -467,7 +465,6 @@ mkdir "$PGDATA"/base/1 || exit_nicely cat "$POSTGRES_BKI" \ | sed -e "s/POSTGRES/$POSTGRES_SUPERUSERNAME/g" \ - -e "s/PGUID/$POSTGRES_SUPERUSERID/g" \ -e "s/ENCODING/$MULTIBYTEID/g" \ | "$PGPATH"/postgres -boot -x1 $PGSQL_OPT $BACKEND_TALK_ARG template1 \ || exit_nicely diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index 0b67a37ad2..d583d88628 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -37,7 +37,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: catversion.h,v 1.93 2001/08/26 16:56:00 tgl Exp $ + * $Id: catversion.h,v 1.94 2001/09/08 15:24:00 petere Exp $ * *------------------------------------------------------------------------- */ @@ -53,6 +53,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 200108251 +#define CATALOG_VERSION_NO 200109081 #endif diff --git a/src/include/catalog/pg_shadow.h b/src/include/catalog/pg_shadow.h index 49320b4e7d..7a88e868b7 100644 --- a/src/include/catalog/pg_shadow.h +++ b/src/include/catalog/pg_shadow.h @@ -9,7 +9,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: pg_shadow.h,v 1.13 2001/08/10 18:57:41 tgl Exp $ + * $Id: pg_shadow.h,v 1.14 2001/09/08 15:24:00 petere Exp $ * * NOTES * the genbki.sh script reads this file and generates .bki @@ -71,4 +71,6 @@ typedef FormData_pg_shadow *Form_pg_shadow; */ DATA(insert ( "POSTGRES" PGUID t t t t _null_ _null_ )); +#define BOOTSTRAP_USESYSID 1 + #endif /* PG_SHADOW_H */ diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 89e0670911..be1fbdd4ef 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h 
@@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: miscadmin.h,v 1.89 2001/08/15 18:42:15 momjian Exp $ + * $Id: miscadmin.h,v 1.90 2001/09/08 15:24:00 petere Exp $ * * NOTES * some of the information in this file should be moved to @@ -211,6 +211,7 @@ extern void SetUserId(Oid userid); extern Oid GetSessionUserId(void); extern void SetSessionUserId(Oid userid); extern void InitializeSessionUserId(const char *username); +extern void InitializeSessionUserIdStandalone(void); extern void SetSessionAuthorization(const char *username); extern void SetDataDir(const char *dir);