Bug 1043037

Summary: FreeRADIUS postgresql setup fails to grant permission for primary key serial object
Product: Red Hat Enterprise Linux 7 Reporter: John Dennis <jdennis>
Component: freeradiusAssignee: John Dennis <jdennis>
Status: CLOSED CURRENTRELEASE QA Contact: David Spurek <dspurek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dpal, dspurek, ebenes, jdennis, lemenkov
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeradius-3.0.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1043036 Environment:
Last Closed: 2014-06-13 10:17:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1043036    
Bug Blocks:    

Description John Dennis 2013-12-13 19:54:05 UTC 
+++ This bug was initially created as a clone of Bug #1043036 +++

The setup.sql for postgres in 3.x

raddb/mods-config/sql/main/postgresql/setup.sql

does not grant sufficient permissions to update tables. I'm not a
postgres expert but apparently when you use a SERIAL or BIGSERIAL type
to create a unique key postgres does that by creating something called a
sequence object. After creating the schema you'll see things like this:

> psql:schema.sql:180: NOTICE:  CREATE TABLE will create implicit sequence "radpostauth_id_seq" for serial column "radpostauth.id"

Those sequence object need permission grants on them in addition to the
table grants. Currently postgresql/setup.sql does not establish these
sequence grants, as a result you'll see errors like this:

> rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES('paptestuser', 'mypassword', 'Access-Accept', NOW())'
> rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
> rlm_sql_postgresql: Error permission denied for sequence radpostauth_id_seq
> rlm_sql_postgresql: Postgresql Fatal Error: [42501: INSUFFICIENT PRIVILEGE] Occurred!!
> rlm_sql (sql): Database query error: ERROR:  permission denied for sequence radpostauth_id_seq 

The solution is to add these grants to postgresql/setup.sql

GRANT SELECT, USAGE on radacct_radacctid_seq TO radius;
GRANT SELECT, USAGE on radpostauth_id_seq TO radius;

--- Additional comment from John Dennis on 2013-12-13 14:53:18 EST ---
Comment 5 Ludek Smid 2014-06-13 10:17:58 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.