Package: dbconfig-common
Version: 2.0.11
Severity: normal
dbconfig-common assumes that, if "ident" auth is used with postgresql, then
the database user must also exist as a local user.
This is ... not true.
The "peer" auth in postgresql just means that the identity of the connecting
user authenticates for the database user. There is no requirement that the
two must be the same.
Given a setup like this, upgrades fail in strange ways:
runuser: options --{shell,fast,command,session-command,login} and --user
are mutually exclusive
Running with `dbc_debug` shows a more useful sequence (long command lines
trimmed because it's only the start that is important):
creating database backup in /var/cache/dbconfig-common/backups/...
runuser --user -- /bin/sh -c "...
unable to connect to postgresql server.
dumping database as user failed, retrying with administrator credentials.
dbc_get_admin_pass() .
runuser --user postgres -- /bin/sh -c "...
runuser --user postgres -- /bin/sh -c "...
_dbc_apply_upgrades() 19.2.
applying upgrade sql for 18.12+dfsg-1 -> 19.2.
runuser --user -- /bin/sh -c "...
error encountered processing /usr/share/dbconfig-common/data/...
runuser: options --{shell,fast,command,session-command,login} and --user
are mutually exclusive
It doesn't help that `runuser` is giving a wildly misleading error here, but
the root cause is the `_dbc_psql_local_username` function having this logic:
if [ "${dbc_dbuser:-}" ] && id $dbc_dbuser >/dev/null 2>&1; then
echo $dbc_dbuser
return 0
else
dbc_error="ident method specified but local account doesn't
exist. mapping isn't supported"
return 1
fi
This is exacerbated by the call sites for this function not checking for
errors, and blithely passing the empty username string to `runuser`.
Ironically, in this configuration (system user is providing the real
authentication for connection over a unix socket), it seems that selecting
password auth and giving a bogus password may work, since pgsql won't be
looking at the password at all.
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable'), (500,
'oldstable'), (490, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.0.0-trunk-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dbconfig-common depends on:
ii debconf [debconf-2.0] 1.5.71
ii ucf 3.0038+nmu1
dbconfig-common recommends no packages.
Versions of packages dbconfig-common suggests:
ii dbconfig-mysql 2.0.11
ii dbconfig-pgsql 2.0.11
ii dbconfig-sqlite3 2.0.11
-- debconf information excluded
