diff options
| -rw-r--r-- | .gitignore | 14 | ||||
| -rw-r--r-- | Makefile | 22 | ||||
| -rw-r--r-- | debian/boca-autojudge.postinst | 5 | ||||
| -rw-r--r-- | debian/boca-common.conffiles (renamed from debian/boca.conffiles) | 0 | ||||
| -rw-r--r-- | debian/boca-common.postinst | 50 | ||||
| -rw-r--r-- | debian/boca-common.templates | 10 | ||||
| -rw-r--r-- | debian/boca-db.postinst | 75 | ||||
| -rw-r--r-- | debian/boca-db.templates | 11 | ||||
| -rw-r--r-- | debian/boca-web.postinst | 24 | ||||
| -rw-r--r-- | debian/boca.postinst | 11 | ||||
| -rw-r--r-- | debian/compat | 2 | ||||
| -rw-r--r-- | debian/control | 56 | ||||
| -rw-r--r-- | debian/postinst | 6 | ||||
| -rwxr-xr-x | debian/rules | 10 | ||||
| -rw-r--r-- | src/.htaccess | 12 | ||||
| -rw-r--r-- | tools/000-boca.conf | 36 | ||||
| -rw-r--r-- | tools/boca-config-dbhost.sh | 34 | ||||
| -rw-r--r-- | tools/boca-createdb.sh | 46 | ||||
| -rw-r--r-- | tools/postgresql/10/main/conf.d/000-boca.conf | 1 | ||||
| -rw-r--r-- | tools/postgresql/10/main/pg_hba.conf | 101 |
20 files changed, 415 insertions, 111 deletions
@@ -1,2 +1,16 @@ tools/boca-submit-run-root-wrapper tools/safeexec +debian/.debhelper/ +debian/boca-autojudge.substvars +debian/boca-autojudge/ +debian/boca-common.substvars +debian/boca-common/ +debian/boca-db.substvars +debian/boca-db/ +debian/boca-submission-tools/ +debian/boca-web.substvars +debian/boca-web/ +debian/boca.substvars +debian/boca/ +debian/debhelper-build-stamp +debian/files @@ -10,7 +10,7 @@ install-bocawww: cp -r src $(DESTDIR)/var/www/boca/ cp -r doc $(DESTDIR)/var/www/boca/ -install-bocaapache: install-bocawww +install-bocaapache: mkdir -p $(DESTDIR)/etc/apache2/sites-enabled/ cp tools/000-boca.conf $(DESTDIR)/etc/apache2/sites-enabled/000-boca.conf a2ensite default-ssl || echo a2ensite default-ssl FAILED @@ -20,17 +20,29 @@ install-bocaapache: install-bocawww install-scripts: mkdir -p $(DESTDIR)/usr/sbin/ install tools/dump.sh $(DESTDIR)/usr/sbin/boca-dump - install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail + +install-bocadb: + mkdir -p $(DESTDIR)/usr/sbin/ + mkdir -p $(DESTDIR)/etc + cp -r tools/postgresql $(DESTDIR)/etc install tools/boca-createdb.sh $(DESTDIR)/usr/sbin/boca-createdb - install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge + +install-bocacommon: install-bocawww + mkdir -p $(DESTDIR)/usr/sbin/ + mkdir -p $(DESTDIR)/etc/ + cp tools/boca.conf $(DESTDIR)/etc/ install tools/boca-config-dbhost.sh $(DESTDIR)/usr/sbin/boca-config-dbhost -install: install-bocawww install-bocaapache install-scripts tools/safeexec +install-bocaautojudge: tools/safeexec + mkdir -p $(DESTDIR)/usr/sbin/ mkdir -p $(DESTDIR)/usr/bin/ mkdir -p $(DESTDIR)/etc/ - cp tools/boca.conf $(DESTDIR)/etc/ install tools/safeexec $(DESTDIR)/usr/bin/safeexec chmod 4555 $(DESTDIR)/usr/bin/safeexec + install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail + install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge + +install: install-bocawww install-bocaapache install-bocadb install-bocacommon install-bocaautojudge install-scripts install-submission-tools: tools/boca-submit-run-root-wrapper mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin $(DESTDIR)/etc/cron.d diff --git a/debian/boca-autojudge.postinst b/debian/boca-autojudge.postinst new file mode 100644 index 0000000..37b144c --- /dev/null +++ b/debian/boca-autojudge.postinst @@ -0,0 +1,5 @@ +#!/bin/bash + +chmod 4555 /usr/bin/safeexec + +exit 0 diff --git a/debian/boca.conffiles b/debian/boca-common.conffiles index b004c7a..b004c7a 100644 --- a/debian/boca.conffiles +++ b/debian/boca-common.conffiles diff --git a/debian/boca-common.postinst b/debian/boca-common.postinst new file mode 100644 index 0000000..d28de8a --- /dev/null +++ b/debian/boca-common.postinst @@ -0,0 +1,50 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +priority=high + +case "$1" in + configure|reconfigure) + if [[ -e "/etc/boca.conf" ]]; then + . /etc/boca.conf + if [[ "$bdserver" != "" ]]; then + echo "If you want to reset DB configuration, please unset \"bdserver\" in /etc/boca.conf" + exit 0 + fi + fi + db_input high boca-common/dbhost || true + db_go || true + + db_get boca-common/dbhost || true + DBHOST="$RET" + + if [[ "x$DBHOST" == "x" ]]; then + DBHOST=localhost + fi + + db_input high boca-common/dbpassword || true + db_go || true + + db_get boca-common/dbpassword || true + PASSWORD="$RET" + + if [[ "x$PASSWORD" == "x" ]]; then + printf "Generating password with makepasswd" + PASSWORD="$(makepasswd --chars 20)" + echo . + fi + export PASSWD="$PASSWORD" + boca-config-dbhost $DBHOST + unset PASSWD + ;; + *) + ;; +esac + +chmod 600 /var/www/boca/src/private/conf.php +chown www-data.www-data /var/www/boca/src/private/conf.php + +exit 0 diff --git a/debian/boca-common.templates b/debian/boca-common.templates new file mode 100644 index 0000000..e993675 --- /dev/null +++ b/debian/boca-common.templates @@ -0,0 +1,10 @@ +Template: boca-common/dbhost +Type: string +Default: localhost +Description: Please provide a host within BOCA database: + +Template: boca-common/dbpassword +Type: password +Description: Please provide a password for BOCA database: + Please, do not forget this password. You will need it to provide it while + configuring boca-web and boca-autojudge. diff --git a/debian/boca-db.postinst b/debian/boca-db.postinst new file mode 100644 index 0000000..c4215df --- /dev/null +++ b/debian/boca-db.postinst @@ -0,0 +1,75 @@ +#!/bin/bash + +set -e + +. /usr/share/debconf/confmodule + +priority=high + +case "$1" in + configure|reconfigure) + + if [[ -e "/etc/boca.conf" ]]; then + . /etc/boca.conf + if [[ "$bdcreated" != "" ]]; then + echo "If you want to reset DB configuration, please unset \"bdcreated\" in /etc/boca.conf" + exit 0 + fi + fi + + #Assume DBHOST will be localhost, since this is the package that + #provides postgresql + #XXX future work make it work as a backup DB server + DBHOST=localhost + + db_get boca-common/dbpassword || true + PASSWORD="$RET" + + #If we don't have a password from boca-common 2 things could be + #happened + #1) dpkg cleaned the password already + #2) The user did not provide a password + #So we will ask for a password + if [[ "x$PASSWORD" == "x" ]]; then + db_input critical boca-db/dbpassword || true + db_go || true + db_get boca-db/dbpassword || true + PASSWORD="$RET" + db_reset boca-db/dbpassword + else + db_reset boca-common/dbpassword + fi + + if [[ "x$PASSWORD" == "x" ]]; then + printf "Generating password with makepasswd" + PASSWORD="$(makepasswd --chars 20)" + echo . + echo "Your DB password is '$PASSWORD' take care of it." + fi + export PASSWD="$PASSWORD" + boca-config-dbhost $DBHOST + unset PASSWD + postgresuser=postgres + su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" + su - $postgresuser -c "echo create user bocauser createdb password \'$PASSWORD\'| psql -d template1" + su - $postgresuser -c "echo alter user bocauser createdb password \'$PASSWORD\'| psql -d template1" + + db_input critical boca-db/createdb || true + db_go || true + + db_get boca-db/createdb || true + + if [[ "$RET" == "Yes" ]]; then + echo YES |php /var/www/boca/src/private/createdb.php + echo "bdcreated=y" >> /etc/boca.conf + fi + db_reset boca-db/createdb + + ;; + *) + ;; +esac + +service postgresql restart || true + +exit 0 diff --git a/debian/boca-db.templates b/debian/boca-db.templates new file mode 100644 index 0000000..895098d --- /dev/null +++ b/debian/boca-db.templates @@ -0,0 +1,11 @@ +Template: boca-db/dbpassword +Type: password +Description: Please provide a password for BOCA database: + Please, do not forget this password. You will need it to provide it while + configuring boca-web and boca-autojudge. + +Template: boca-db/createdb +Type: select +Choices: Yes, No +Description: Should a new DB be created for BOCA? + Warning: This operation will erase any existing previously created BOCA DB diff --git a/debian/boca-web.postinst b/debian/boca-web.postinst new file mode 100644 index 0000000..52071f4 --- /dev/null +++ b/debian/boca-web.postinst @@ -0,0 +1,24 @@ +#!/bin/bash + +. /usr/share/debconf/confmodule + +chown -R www-data.www-data /var/www/boca +chmod -R go-rwx /var/www/boca/src/private + +a2ensite default-ssl +a2enmod ssl +a2enmod socache_shmcb +a2enmod proxy_fcgi + +# Make sure embedded apache php module is not loaded +a2dismod php7.2 || true + +#enable php fpm instead +a2enconf php7.2-fpm + +service apache2 restart || true + +#remember to reset possible stored password from debconf +db_reset boca-common/dbpassword || true + +exit 0 diff --git a/debian/boca.postinst b/debian/boca.postinst deleted file mode 100644 index 18ce749..0000000 --- a/debian/boca.postinst +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -chown -R www-data.www-data /var/www/boca -chmod -R go-rwx /var/www/boca/src/private -chmod 4555 /usr/bin/safeexec - -a2ensite default-ssl -a2enmod ssl -a2enmod socache_shmcb - -service apache2 restart || true diff --git a/debian/compat b/debian/compat index 7f8f011..f599e28 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -7 +10 diff --git a/debian/control b/debian/control index 2095b2e..2b45da3 100644 --- a/debian/control +++ b/debian/control @@ -2,20 +2,63 @@ Source: boca Section: misc Priority: optional Maintainer: BOCA Development Team <bocasystem@gmail.com> +Uploaders: Cassio Polpo de Campos <cassiopc@gmail.com>, Bruno Cesar Ribas <brunoribas@gmail.com> Build-Depends: debhelper, build-essential -Package: maratona-boca +Package: boca Architecture: all -Depends: boca -Description: Virtual package that depends on BOCA +Depends: boca-common, boca-web, boca-db, boca-autojudge +Provides: maratona-boca +Description: BOCA is a software created to control a contest with the ACM ICPC rules. + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package install all boca related packages to run everything in one + single machine. -Package: boca +Package: boca-db +Architecture: all +Pre-depends: postgresql +Depends: boca-common +Description: BOCA - database + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package provides a full database to run a contest on. + +Package: boca-web +Architecture: all +Depends: boca-common, apache2, php-fpm, php +Description: BOCA - WEB files + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package provides only web contents. + +Package: boca-common +Architecture: all +Pre-Depends: debconf, makepasswd, coreutils, sharutils +Depends: php-zip, wget, php-cli, php-pgsql, php-gd, postgresql-client, php-xml, openssl, libany-uri-escape-perl +Description: BOCA - Common files + BOCA is a software created to control a contest with the ACM International + Collegiate Programming Contest rules. It has been developed in PHP and the + interaction between judges and the system is done through a web browser. + . + This package contains shared files with all BOCA packages. + +Package: boca-autojudge Architecture: amd64 -Depends: php-zip, debootstrap, schroot, quotatool, makepasswd, apache2, libapache2-mod-php, sharutils, wget, coreutils, php, php-cli, php-pgsql, php-gd, postgresql, postgresql-client, libany-uri-escape-perl, php-xml, openssl -Description: BOCA is a software created to control a contest with the ACM ICPC rules. +Depends: boca-common, debootstrap, schroot, quotatool, makepasswd +Description: BOCA - AutoJudge BOCA is a software created to control a contest with the ACM International Collegiate Programming Contest rules. It has been developed in PHP and the interaction between judges and the system is done through a web browser. + . + This package contains files to generate and run the autojudge system for + BOCA. Package: boca-submission-tools Architecture: amd64 @@ -23,3 +66,4 @@ Depends: sharutils, wget, coreutils, libany-uri-escape-perl, openssl, openssh-se Description: BOCA submission tools. This package provides tools to submit codes to a running boca server without using the web interface. + diff --git a/debian/postinst b/debian/postinst deleted file mode 100644 index 65e238f..0000000 --- a/debian/postinst +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -chown -R www-data.www-data /var/www/boca -chmod 4555 /usr/bin/safeexec - -service apache2 restart || true diff --git a/debian/rules b/debian/rules index 6c52a63..3453dd0 100755 --- a/debian/rules +++ b/debian/rules @@ -3,8 +3,14 @@ override_dh_auto_install: mkdir -p debian/boca-submission-tools make -j1 install-submission-tools DESTDIR=debian/boca-submission-tools - mkdir -p debian/boca - make -j1 install DESTDIR=debian/boca + mkdir -p debian/boca-web + make -j1 install-bocaapache DESTDIR=debian/boca-web + mkdir -p debian/boca-autojudge + make -j1 install-bocaautojudge DESTDIR=debian/boca-autojudge + mkdir -p debian/boca-db + make -j1 install-bocadb DESTDIR=debian/boca-db + mkdir -p debian/boca-common + make -j1 install-bocacommon DESTDIR=debian/boca-common %: dh $@ diff --git a/src/.htaccess b/src/.htaccess index 7c89b5b..99fda17 100644 --- a/src/.htaccess +++ b/src/.htaccess @@ -1,5 +1,7 @@ -php_flag output_buffering on -php_value memory_limit 1024M -php_value post_max_size 128M -php_flag magic_quotes_gpc off -php_value upload_max_filesize 128M +<IfModule !mod_proxy_fcgi.c> + php_flag output_buffering on + php_value memory_limit 1024M + php_value post_max_size 128M + php_flag magic_quotes_gpc off + php_value upload_max_filesize 128M +</IfModule> diff --git a/tools/000-boca.conf b/tools/000-boca.conf index 66c62fe..2ea68d9 100644 --- a/tools/000-boca.conf +++ b/tools/000-boca.conf @@ -1,15 +1,21 @@ -<Directory /var/www/boca/src> - AllowOverride Options AuthConfig Limit - Order Allow,Deny - Allow from all - AddDefaultCharset utf-8 -</Directory> -<Directory /var/www/boca/src/private> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -<Directory /var/www/boca> - AllowOverride Options AuthConfig Limit - Deny from all -</Directory> -Alias /boca /var/www/boca/src +<VirtualHost *:80> + + ServerAdmin boca@bombonera.org + DocumentRoot /var/www/boca + <Directory "/var/www/boca/src"> + AllowOverride Options AuthConfig Limit + Order Allow,Deny + Allow from all + AddDefaultCharset utf-8 + </Directory> + <Directory "/var/www/boca/src/private"> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + <Directory /var/www/boca> + AllowOverride Options AuthConfig Limit + Deny from all + </Directory> + Alias /boca /var/www/boca/src + +</VirtualHost> diff --git a/tools/boca-config-dbhost.sh b/tools/boca-config-dbhost.sh index 306f44f..bfe710e 100644 --- a/tools/boca-config-dbhost.sh +++ b/tools/boca-config-dbhost.sh @@ -35,6 +35,8 @@ bdservernew=$1 . /etc/boca.conf +privatedir=$bocadir/src/private + CHANGE=n if [[ "x$bdserver" == "x" ]]; then echo "bdserver=$bdservernew" >> /etc/boca.conf @@ -46,21 +48,23 @@ fi bdserver=$bdservernew -if [[ "$bdserver" == "localhost" && "x$bdcreated" != "xy" ]]; then - if [[ "$CHANGE" == "n" ]]; then - boca-createdb - else - boca-createdb -f - fi -elif [[ "$bdserver" != "localhost" ]]; then - printf "You will be asked to prompt the BD password [enter do continue]" - read - #just to config password - if [[ "$CHANGE" == "n" ]]; then - boca-createdb nocreate - else - boca-createdb -f nocreate - fi +#update conf.php +# PASSWD should be environment defined. While installing boca-common package +# this variable will be set +PASS=$PASSWD +if [[ "x$PASS" == "x" ]]; then + read -p "Enter DB password: " -s PASS fi +PASSK=`makepasswd --chars 20` +awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ + print "$conf[\"dbpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ + else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ + else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ + < $privatedir/conf.php > $privatedir/conf.php1 +mv -f $privatedir/conf.php1 $privatedir/conf.php + +chown www-data.www-data $privatedir/conf.php +chmod 600 $privatedir/conf.php exit 0 diff --git a/tools/boca-createdb.sh b/tools/boca-createdb.sh index c230819..0c36a3f 100644 --- a/tools/boca-createdb.sh +++ b/tools/boca-createdb.sh @@ -37,7 +37,7 @@ privatedir=$bocadir/src/private postgresuser=postgres if [[ "x$bdserver" == "x" ]]; then - echo "Please run boca-config-dbhost" + echo "Please run boca-config-dbhost first" exit 2 fi @@ -57,54 +57,10 @@ if [[ "x$bdcreated" == "x" || "$1" == "-f" ]] ; then fi echo "Keep the DB password safe!" - PASSK=`makepasswd --chars 20` - awk -v boca="$bdserver" -v pass="$PASS" -v passk="$PASSK" '{ if(index($0,"[\"dbpass\"]")>0) \ - print "$conf[\"dbpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"dbhost\"]")>0) print "$conf[\"dbhost\"]=\"" boca "\";"; \ - else if(index($0,"[\"dbsuperpass\"]")>0) print "$conf[\"dbsuperpass\"]=\"" pass "\";"; \ - else if(index($0,"[\"key\"]")>0) print "$conf[\"key\"]=\"" passk "\";"; else print $0; }' \ - < $privatedir/conf.php > $privatedir/conf.php1 - mv -f $privatedir/conf.php1 $privatedir/conf.php - if [[ "$bdserver" == "localhost" ]]; then su - $postgresuser -c "echo drop user bocauser | psql -d template1 >/dev/null 2>/dev/null" su - $postgresuser -c "echo create user bocauser createdb password \'$PASS\'| psql -d template1" su - $postgresuser -c "echo alter user bocauser createdb password \'$PASS\'| psql -d template1" - #allowing outside connections - if ! echo "$*" | grep -q notouchpgconf; then - echo "##########################" - echo " ATENTION" - echo "##########################" - echo - echo "I AM GIVING ACCESS TO THE DATABASE FROM ANY IP (AS LONG AS THE PASSWORD IS OK)" - CONTINUE="y" - printf "May I give access? [Y/n]" - read CONTINUE - - if [[ "$CONTINUE" == "Y" || "$CONTINUE" == "y" ]]; then - for i in /etc/postgresql/*/main/pg_hba.conf; do - if grep -q "host.*bocadb.*bocauser" $i; then - continue; - fi - echo "host bocadb bocauser 0/0 md5" >> $i - echo "host postgres replication 0/0 md5" >> $i - done - for i in /etc/postgresql/*/main/postgresql.conf; do - if ! grep -q "^[^\#]*listen_addresses" $i; then - echo "listen_addresses = '*'" >> $i - fi - done - service postgresql restart - - else - echo "#### READ THIS ####" - echo "If you change your mind later, you may call me again as:" - echo "$0 -f" - sleep 3 - echo - echo - fi - fi fi if [[ "x$bdcreated" == "x" ]]; then echo 'bdcreated=y' >> /etc/boca.conf diff --git a/tools/postgresql/10/main/conf.d/000-boca.conf b/tools/postgresql/10/main/conf.d/000-boca.conf new file mode 100644 index 0000000..128ef1a --- /dev/null +++ b/tools/postgresql/10/main/conf.d/000-boca.conf @@ -0,0 +1 @@ +listen_addresses = '*' diff --git a/tools/postgresql/10/main/pg_hba.conf b/tools/postgresql/10/main/pg_hba.conf new file mode 100644 index 0000000..4eeaa6e --- /dev/null +++ b/tools/postgresql/10/main/pg_hba.conf @@ -0,0 +1,101 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 md5 +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 md5 +host replication all ::1/128 md5 +host bocadb bocauser 0/0 md5 +host postgres replication 0/0 md5 |