1 files changed, 13 insertions, 9 deletions

diff --git a/contrib/taler-exchange-dbconfig b/contrib/taler-exchange-dbconfig
index 7d33aa64b..dc92abbd1 100755
--- a/contrib/taler-exchange-dbconfig
+++ b/contrib/taler-exchange-dbconfig
@@ -22,15 +22,17 @@ set -eu
 RESET_DB=0
 SKIP_DBINIT=0
 DBUSER="taler-exchange-httpd"
+DBGROUP="taler-exchange-db"
 DBNAME="exchange"
 CFGFILE="/etc/taler/secrets/exchange-db.secret.conf"
 
 # Parse command-line options
-while getopts ':hn:rsu:' OPTION; do
+while getopts ':g:hn:rsu:' OPTION; do
     case "$OPTION" in
         h)
             echo 'Supported options:'
             echo "  -c FILENAME  -- write configuration to FILENAME (default: $CFGFILE)"
+            echo "  -g GROUP     -- taler-exchange to be run by GROUP (default: $DBGROUP)"
             echo "  -h           -- print this help text"
             echo "  -n NAME      -- user NAME for database name (default: $DBNAME)"
             echo "  -r           -- reset database (dangerous)"
@@ -86,7 +88,7 @@ if sudo -i -u postgres psql "$DBNAME" < /dev/null 2> /dev/null
 then
     if [ 1 = "$RESET_DB" ]
     then
-        echo "Deleting existing database $DBNAME." 1>&2
+        echo "Deleting existing database '$DBNAME'." 1>&2
         sudo -i -u postgres dropdb "$DBNAME"
     else
         echo "Database '$DBNAME' already exists, refusing to setup again."
@@ -95,14 +97,14 @@ then
     fi
 fi
 
-echo "Setting up database user $DBUSER." 1>&2
+echo "Setting up database user '$DBUSER'." 1>&2
 
 if ! sudo -i -u postgres createuser "$DBUSER" 2> /dev/null
 then
     echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
 fi
 
-echo "Creating database $DBNAME." 1>&2
+echo "Creating database '$DBNAME'." 1>&2
 
 if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"
 then
@@ -112,19 +114,21 @@ fi
 
 if [ -f "$CFGFILE" ]
 then
-    echo "Adding database configuration to $CFGFILE." 1>&2
+    echo "Adding database configuration to '$CFGFILE'." 1>&2
     echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE"
+    chown root:"$DBGROUP" "$CFGFILE"
+    chmod 640 "$CFGFILE"
 else
-    echo "Configuration $CFGFILE does not yet exist, creating it." 1>&2
+    echo "Configuration '$CFGFILE' does not yet exist, creating it." 1>&2
     mkdir -p "$(dirname "$CFGFILE")"
     echo -e "[exchangedb-postgres]\nCONFIG=postgres:///$DBNAME\n" >> "$CFGFILE"
-    chown "$DBUSER":root "$CFGFILE"
-    chmod 460 "$CFGFILE"
+    chown root:"$DBGROUP" "$CFGFILE"
+    chmod 640 "$CFGFILE"
 fi
 
 if [ 0 = "$SKIP_DBINIT" ]
 then
-    echo "Initializing database $DBNAME." 1>&2
+    echo "Initializing database '$DBNAME'." 1>&2
     sudo -u "$DBUSER" taler-exchange-dbinit
 fi