使用 Ruby popen 和 PostgreSQL createuser
我正在尝试编写一个非常简单的 rake 任务(并将其合并到一个相当大的 rake 任务中),它将调用以下命令并传入随机生成的密码。目前,我们甚至可以伪造随机生成,并为其设置一个“test”密码:
createuser -SDPRE test
我的任务代码如下:
desc "Create a test user with test password"
task "test" do
puts('Creating User')
IO.popen "createuser -SDRPE test", 'w+' do |io|
io.write "test\ntest\n"
io.close_write
end
raise 'createuser failed' unless $?.success?
end
io.write 似乎无法正常工作,因为我还是要输入密码。它也没有被破坏。运行任务并手动输入密码后,我可以使用该密码通过 psql 登录。
我尝试了很多变体,例如 io.close,将文件打开为 'w' 甚至 'r' 或 'r+' 因为我看到其他使用它的例子。
我对如何让它发挥作用有点困惑。任何想法/评论/答案将不胜感激!
编辑 1:这是在 Debian (Lenny) Linux 系统上,以防有什么不同。
I am attempting to write a very simple rake task (and merge it into a rather large rake task) that will call the following command and pass in a randomly generated password. For the moment, let's even fake the random generation and just give it a set password of 'test':
createuser -SDPRE test
The code I have for my task is as follows:
desc "Create a test user with test password"
task "test" do
puts('Creating User')
IO.popen "createuser -SDRPE test", 'w+' do |io|
io.write "test\ntest\n"
io.close_write
end
raise 'createuser failed' unless $?.success?
end
The io.write appears not to work as I still have to enter the password. It's also not being clobbered. After running the task and entering the password manually, I can use that password to log in with psql.
I have tried quite a few variations such as io.close, opening the file as 'w' and even 'r' or 'r+' because I saw other examples that use it.
I am a bit stumped on how to get this to work. Any ideas/comments/answers would be greatly appreciated!
Edit 1: This is on a Debian (Lenny) Linux system in case it makes any difference.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
createuser正在打开/dev/tty来读取密码读取密码的程序通常会牺牲有关密码的 Unix 工具范例。这是一个合理的做法,因为它允许其他功能尊重标准输入和输出,并在打开
/dev/tty以获取交互式密码时将其全部暂停。无论如何,
strace(1)显示createuser实际上正在打开/dev/tty。一切都没有丢失,
createuser只是一个指向/usr/share/postgresql-common/pg_wrapper的链接,这是一个 Perl 程序。我确信它可以被黑客攻击以实现密码脚本兼容性。createuseris opening/dev/ttyto read the passwordPrograms that read passwords usually sacrifice the Unix tools paradigm with respect to passwords. This is a reasonable thing to do because it allows other functionality to respect standard input and output, and put it all on pause while it opens
/dev/ttyfor an interactive password.In any case, an
strace(1)reveals thatcreateuseris in fact opening/dev/tty.All is not lost,
createuseris just a link to/usr/share/postgresql-common/pg_wrapperwhich is a Perl program. I'm sure it can be hacked for password scripting compatibility.我知道这不是您问题的答案,但是您是否考虑过使用 SQL 而不是调用 shell 命令来创建 PG 用户?
http://www.postgresql.org/docs/8.0/interactive/ sql-createuser.html
看起来更安全可靠。
I know this is not an answer to your question, but have you considered creating PG user by using SQL instead of invoking shell commands?
http://www.postgresql.org/docs/8.0/interactive/sql-createuser.html
It seems safer and more reliable.