On 2/4/2019 3:43 AM, Daniel Baumann wrote:
At work we always create a 'dummy' read-only user for this, using any
privileged accounts is out of the question (as you rightly pointed out).
I'm not sure we can do anything about this other than documenting it
in README.Debian or so. The "right thing" to do here would be to have
a common read-only, unprivileded user for this on all DBs in debian..
but that would require much work/not sure everyone would want that.
Agreed; I've seen discussion on various debian bugs where people have
suggested a global read-only user, but one of the main issues is that
every app that needs a read-only user may have differing requirements.
There are, however, many other packages that take the middle approach I
outlined in the bug report, namely to use the sys-maint user (once) to
create a readonly user (that has the right app specific permissions) on
install.
I agree in the short term a short bit in the README would make sense,
but in the long term, I think the latter approach would be preferable
(and welcomed)
Time permitting I may take a shot at a patch.
Regards,
Nye
