BEE Backport bacula/src/cats/grant_postgresql_privileges.in

This commit is the result of the squash of the following main commits:

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Wed Apr 29 13:52:04 2020 +0200

    Update SQL scripts for Events table. Catalog format 1022

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Fri Apr 24 20:16:22 2020 +0200

    Reliably log user activity in a way that satisfies auditors

    Messages {
      name = Standard
      append = /tmp/bacula.log = all

      # To send the events into a log and in the catalog
      append = /tmp/audit.log = events, !events.bweb
      catalog = all, events
    }

    Users can create custom events with a console command:

    .events

    They can list events in the catalog with

    * list events
    +---------------------+------------+-----------+--------------------------------+
    | time                | type       | source    | events                         |
    +---------------------+------------+-----------+--------------------------------+
    | 2020-04-24 17:04:07 | daemon     | *Daemon*  | Director startup               |
    | 2020-04-24 17:04:12 | connection | *Console* | Connection from 127.0.0.1:8101 |
    | 2020-04-24 17:04:20 | command    | *Console* | purge jobid=1                  |
    +---------------------+------------+-----------+--------------------------------+

    The event format in the log is:

    24-Apr 17:04 Events: code=DC0001 from=zog8-dir ref=0x1fa5 type=daemon source=*Daemon* text=Director startup

    24-Apr 17:04 Events: code=DC0002 from=zog8-dir ref=0x7fb58000c4b8 type=connection source=*Console* text=Connection from 127.0.0.1:8101

    The reference (ref) is used to identify a console session, all activity
    from the same console will have the same reference.

    The source is the name of the restricted console, or *Console* if this
    is the default console.

    We have the following events:
     - cancel a job
     - delete volume
     - delete job
     - purge job
     - delete pool
     - delete client
     - daemon startup
     - daemon shutdown
     - console connection
     - console disconnection

    To add a new events:
    ua->send_events(type, format, arguments);

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Tue Mar 12 09:25:59 2019 +0100

    Fix #4754 about incorrect path for the psql command in grant_postgresql_privileges

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Thu May 19 15:34:47 2016 +0200

    Fix permission issue on the new FileMedia table in grant_postgresql_privileges script

diff --git a/bacula/src/cats/grant_postgresql_privileges.in b/bacula/src/cats/grant_postgresql_privileges.in
index 88da6b1bd65ff900c7cafc1700b9ae381e0c0ce1..1454ba66289a5858b3d81c02801bd7cfdf2091ac 100644 (file)
--- a/bacula/src/cats/grant_postgresql_privileges.in
+++ b/bacula/src/cats/grant_postgresql_privileges.in
@@ -2,11 +2,12 @@
 #
 # shell script to grant privileges to the bacula database
 #
-# Copyright (C) 2000-2017 Kern Sibbald
+# Copyright (C) 2000-2020 Kern Sibbald
 # License: BSD 2-Clause; see file LICENSE-FOSS
 #
 db_user=${db_user:-@db_user@}
 bindir=@POSTGRESQL_BINDIR@
+PATH="$PATH:$bindir"
 db_name=${db_name:-@db_name@}
 db_password=@db_password@
 if [ "$db_password" != "" ]; then
@@ -14,7 +15,7 @@ if [ "$db_password" != "" ]; then
 fi
 
 
-$bindir/psql -f - -d ${db_name} $* <<END-OF-DATA
+psql -f - -d ${db_name} $* <<END-OF-DATA
 
 create user ${db_user} ${pass};
 
@@ -22,9 +23,11 @@ create user ${db_user} ${pass};
 alter database ${db_name} owner to ${db_user} ;
 
 -- for tables
+grant all on Events        to ${db_user};
 grant all on unsavedfiles to ${db_user};
 grant all on basefiles   to ${db_user};
 grant all on jobmedia    to ${db_user};
+grant all on filemedia   to ${db_user};
 grant all on file        to ${db_user};
 grant all on job         to ${db_user};
 grant all on media       to ${db_user};
@@ -32,7 +35,6 @@ grant all on client     to ${db_user};
 grant all on pool        to ${db_user};
 grant all on fileset     to ${db_user};
 grant all on path        to ${db_user};
-grant all on filename    to ${db_user};
 grant all on counters    to ${db_user};
 grant all on version     to ${db_user};
 grant all on cdimages    to ${db_user};
@@ -50,7 +52,7 @@ grant all on RestoreObject to ${db_user};
 grant all on Snapshot to ${db_user};
 -- for sequences on those tables
 
-grant select, update on filename_filenameid_seq    to ${db_user};
+grant select, update on events_eventsid_seq       to ${db_user};
 grant select, update on path_pathid_seq           to ${db_user};
 grant select, update on fileset_filesetid_seq     to ${db_user};
 grant select, update on pool_poolid_seq           to ${db_user};