Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"A car is just a big purse on wheels." -- Johanna Reynolds

devel / comp.databases.ingres / Re: [Info-ingres] Changing Database Ownership

SubjectAuthor
* Changing Database OwnershipRich Ford
`* Re: Changing Database OwnershipRoy Hann
 `- Re: [Info-ingres] Changing Database OwnershipKarl Schendel

1
Changing Database Ownership

<0300421e-9e45-4ade-a8ca-fb668a583619n@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=187&group=comp.databases.ingres#187

  copy link   Newsgroups: comp.databases.ingres
X-Received: by 2002:a05:622a:2c9:: with SMTP id a9mr52327471qtx.28.1641486715693;
Thu, 06 Jan 2022 08:31:55 -0800 (PST)
X-Received: by 2002:aca:b02:: with SMTP id 2mr2260550oil.34.1641486715349;
Thu, 06 Jan 2022 08:31:55 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.databases.ingres
Date: Thu, 6 Jan 2022 08:31:55 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=2600:8801:d500:6b60:ddc0:aaf8:a2aa:1b0c;
posting-account=MD_47woAAABULmOe11ZqdjPGw6zni88O
NNTP-Posting-Host: 2600:8801:d500:6b60:ddc0:aaf8:a2aa:1b0c
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <0300421e-9e45-4ade-a8ca-fb668a583619n@googlegroups.com>
Subject: Changing Database Ownership
From: richford990@gmail.com (Rich Ford)
Injection-Date: Thu, 06 Jan 2022 16:31:55 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 2
 by: Rich Ford - Thu, 6 Jan 2022 16:31 UTC

I need to change some databases ownership for DBAs who have left the company.

Part of the instructions state to "login as the CURRENT DBA of

Re: Changing Database Ownership

<sr7beb$11a9$1@gioia.aioe.org>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=191&group=comp.databases.ingres#191

  copy link   Newsgroups: comp.databases.ingres
Path: i2pn2.org!i2pn.org!aioe.org!ow2HZ3WUoSa7bUAoHqrJ8A.user.46.165.242.75.POSTED!not-for-mail
From: specially@processed.almost.meat (Roy Hann)
Newsgroups: comp.databases.ingres
Subject: Re: Changing Database Ownership
Date: Thu, 6 Jan 2022 18:12:27 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <sr7beb$11a9$1@gioia.aioe.org>
References: <0300421e-9e45-4ade-a8ca-fb668a583619n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="34121"; posting-host="ow2HZ3WUoSa7bUAoHqrJ8A.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: XPN/1.2.6 (Street Spirit ; Windows)
X-Notice: Filtered by postfilter v. 0.9.2
 by: Roy Hann - Thu, 6 Jan 2022 18:12 UTC

Rich Ford wrote:

> I need to change some databases ownership for DBAs who have left the company.
>
> Part of the instructions state to "login as the CURRENT DBA of

First off, this is an example of why I suggest creating special user IDs
for the sole purpose of "owning" databases. It is imprudent and
unnecessary to have real users as database owners. But that ship sailed
long ago...

Changing the name of the owner of the database now is probably
infeasible. The only supported way I can think of to do it would be to
unload, destroy, recreate, and reload the database.

This is not ideal, but starting from where you are, I'd probably just
first make sure no one can ever log in using the current owners'
ID--delete their password or whatever it takes. Then to access the
databases from now on I would either use the -u flag to impersonate
the owner when I connect, or, once connected, use the SET SESSION
AUTHORIZATION command to impersonate them. (This is sort of like doing
su or sudo and only a user with Ingres security_administrator
privileges can do it.)

Of course if you'd like some encouragement to get into unsupported
hackery, I or someone else here can probably whisper evil advice
if you insist. It's not my database. >:-)

Roy

Re: [Info-ingres] Changing Database Ownership

<mailman.117.1641494500.1681.info-ingres@lists.planetingres.org>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=192&group=comp.databases.ingres#192

  copy link   Newsgroups: comp.databases.ingres
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!buffer2.nntp.dca1.giganews.com!news.giganews.com.POSTED!not-for-mail
NNTP-Posting-Date: Thu, 06 Jan 2022 12:42:03 -0600
Return-Path: <schendel@kbcomputer.com>
X-Original-To: info-ingres@lists.planetingres.org
Delivered-To: info-ingres@mort.croker.net
From: schendel@kbcomputer.com (Karl Schendel)
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Thu, 6 Jan 2022 13:41:36 -0500
References: <0300421e-9e45-4ade-a8ca-fb668a583619n@googlegroups.com>
<sr7beb$11a9$1@gioia.aioe.org>
To: Ingres and related product discussion forum
<info-ingres@lists.planetingres.org>
In-Reply-To: <sr7beb$11a9$1@gioia.aioe.org>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Subject: Re: [Info-ingres] Changing Database Ownership
X-BeenThere: info-ingres@lists.planetingres.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <info-ingres.lists.planetingres.org>
List-Unsubscribe: <https://lists.planetingres.org/mailman/options/info-ingres>,
<mailto:info-ingres-request@lists.planetingres.org?subject=unsubscribe>
List-Archive: <https://lists.planetingres.org/pipermail/info-ingres/>
List-Post: <mailto:info-ingres@lists.planetingres.org>
List-Help: <mailto:info-ingres-request@lists.planetingres.org?subject=help>
List-Subscribe: <https://lists.planetingres.org/mailman/listinfo/info-ingres>,
<mailto:info-ingres-request@lists.planetingres.org?subject=subscribe>
Newsgroups: comp.databases.ingres
Message-ID: <mailman.117.1641494500.1681.info-ingres@lists.planetingres.org>
Lines: 53
X-Usenet-Provider: http://www.giganews.com
X-Trace: sv3-PhxhYIg99uKSwkODAXrJS++tZwNzX/O4I6ot03pWnzAPATSe2YmnaWbnKVtifUx7OikJimARAQn8+77!tXsXRs41Wj+dJnRVqcOgko6HTvbfibWy/sbnPNFV35+/sQXZYcL9RblxWgBgGqVisplNRoruneoV!glae2MRwzOT4U5FaTwiN71w=
X-Complaints-To: abuse@giganews.com
X-DMCA-Notifications: http://www.giganews.com/info/dmca.html
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 4010
 by: Karl Schendel - Thu, 6 Jan 2022 18:41 UTC

> On Jan 6, 2022, at 1:12 PM, Roy Hann <specially@processed.almost.meat> wrote:
>
> Rich Ford wrote:
>
>> I need to change some databases ownership for DBAs who have left the company.
>>
>> Part of the instructions state to "login as the CURRENT DBA of
>
> ...
> Changing the name of the owner of the database now is probably
> infeasible. The only supported way I can think of to do it would be to
> unload, destroy, recreate, and reload the database.
>
> This is not ideal, but starting from where you are, I'd probably just
> first make sure no one can ever log in using the current owners'
> ID--delete their password or whatever it takes. Then to access the
> databases from now on I would either use the -u flag to impersonate
> the owner when I connect, or, once connected, use the SET SESSION
> AUTHORIZATION command to impersonate them.

In addition to what Roy said, if all you really need is a way to be able to
do database admin-type things, you can log in as a security user (eg
user ingres), connect to iidbdb with -uoriginal_dba_user, and

GRANT DB_ADMIN ON DATABASE foo TO new_dba_user;

and now new_dba_user can do everything that a security user
can do, for that specific database. The inverse is:

REVOKE DB_ADMIN ON DATABASE foo FROM user

>
> Of course if you'd like some encouragement to get into unsupported
> hackery, I or someone else here can probably whisper evil advice
> if you insist. It's not my database. >:-)
>

I used to have a little C program that made the necessary update to the
binary db config file as well as the iidbdb changes needed to change the
owner of a database. It would have to be reworked to match the specific
version of Ingres involved, and it would take a lot of motivation for me
to even look at the old version I have.

Karl

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor