[ckan-dev] datastore: permission denied Schema public
User66
user66 at arcor.de
Thu Mar 28 11:06:02 UTC 2013
Hi again,
I have seen some commits according these permission problems and replaced the two files regarding pull request #642, see https://github.com/okfn/ckan/commit/302a9ff87780ce6653f16fd77bf25496b586a9e2
Well, the permission problem seems now to be solved, I don't get internal server errors or exceptions any more.
But the alias table "_table_metadata" is not created. All the API checks using curl fail.
Cheers
Ralf
----------------ursprüngliche Nachricht-----------------
Von: "User66" user66 at arcor.de
An: "CKAN Development Discussions" ckan-dev at lists.okfn.org
Datum: Wed, 27 Mar 2013 09:46:12 +0100
-------------------------------------------------
> Hi,
>
> unfortunately the error has not gone. It now complains that the readonlyuser has
> write permissions.
>
> What I did:
> - Switched postgresql locale to "en_US.UTF-8"
> - Re-Initialized the complete postgresql databases
> - Installed CKAN databases "ckandb" and "datastore"
> - Did a "git pull" to update to latest master branch
> - Set permissions regarding "Option 1: Paster command" - all commands succeed
>
> I am using both DBs on the same server and "ckanuser" as write user for both.
>
> The users in set_permissions.sql are:
> #######################
> -- name of the main CKAN database
> \set maindb 'ckandb'
> -- the name of the datastore database
> \set datastoredb 'datastore'
> -- username of the ckan postgres user
> \set ckanuser "ckanuser"
> -- username of the datastore user that can write
> \set wuser "ckanuser"
> -- username of the datastore user who has only read permissions
> \set rouser "readonlyuser"
> #######################
>
> The error is:
> #######################
> (pyenv)ckan at www :~/pyenv/src/ckan> paster --plugin=ckan db init
> 2013-03-27 09:12:25,893 INFO [ckanext.datastore.plugin] Connection url
> postgresql://readonlyuser:xxx@localhost /datastore
> Traceback (most recent call last):
> File "/opt/ckan/pyenv/bin/paster", line 8, in <module>
> load_entry_point('PasteScript==1.7.5', 'console_scripts', 'paster')()
> File
> "/opt/ckan/pyenv/lib/python2.7/site-packages/paste/script/command.py
> ",
> line 104, in run
> invoke(command, command_name, options, args[1:])
> File
> "/opt/ckan/pyenv/lib/python2.7/site-packages/paste/script/command.py
> ",
> line 143, in invoke
> exit_code = runner.run(args)
> File
> "/opt/ckan/pyenv/lib/python2.7/site-packages/paste/script/command.py
> ",
> line 238, in run
> result = self.command()
> File "/opt/ckan/pyenv/src/ckan/ckan/lib/cli.py", line 124, in command
> self._load_config()
> File "/opt/ckan/pyenv/src/ckan/ckan/lib/cli.py", line 86, in _load_config
> load_environment(conf.global_conf, conf.local_conf)
> File "/opt/ckan/pyenv/src/ckan/ckan/config/environment.py", line 349, in
> load_environment
> plugin.configure(config)
> File "/opt/ckan/pyenv/src/ckan/ckanext/datastore/plugin.py", line 66, in
> configure
> self._check_read_permissions()
> File "/opt/ckan/pyenv/src/ckan/ckanext/datastore/plugin.py", line 175,
> in _check_read_permissions
> raise Exception("We have write permissions on the read-only database.")
> Exception: We have write permissions on the read-only database.
> #######################
>
> Output from "psql -l":
> #######################
> postgres at www :~> psql -l
> List of databases
> Name | Owner | Encoding | Collate | Ctype | Access privileges
>
> -----------+----------+----------+-------------+-------------+------
> -------------------
> ckandb | ckanuser | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/ckanuser +
> | | | | | ckanuser=CTc/ckanuser
> datastore | ckanuser | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/ckanuser +
> | | | | | ckanuser=CTc/ckanuser +
> | | | | | readonlyuser=c/ckanuser
> postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
> template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
> | | | | | postgres=CTc/postgres
> template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
> | | | | | postgres=CTc/postgres
> (5 rows)
> #######################
>
> It seems that the readonlyuser really still has write permissions, because I am
> also able to execute the "create table" command within a psql shell.
> I am not really familiar with postgresql, but could it be that basic permission
> settings have changed in postgresql 9.2.3?
>
> Any other hints?
>
> Cheers
> Ralf
>
>
> ----------------ursprüngliche Nachricht-----------------
> Von: "User66" user66 at arcor.de
> An: ckan-dev at lists.okfn.org
> Datum: Tue, 26 Mar 2013 15:13:16 +0100
> -------------------------------------------------
>
>
>> Hi Dominik,
>>
>> thanks for the tip.
>>
>> After looking into the code your explanation sounds reasonable. I will
>> switch the postgresql language to English. If you don't hear from me
>> again, this issue is fixed (I can test it not before this evening).
>>
>> Cheers
>> Ralf
>>
>>
>> Am 26.03.2013 11:06, schrieb Dominik Moritz:
>>> Hallo Ralf,
>>>
>>> We expect a permission error because there should be a connection that is
>>> not
>>> allowed to write. However, the check only works if the error message is in
>>> english, otherwise an exception is raised.
>>>
>>> There is an issue and a pull request at
>>> https://github.com/okfn/ckan/pull/642.
>>>
>>> Until this fix is in the release branch, you could set the language of your
>>> postgres installation to english.
>>>
>>> Best wishes,
>>> Dominik
>
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-dev
>
More information about the ckan-dev
mailing list