Scott M. Mcdermott

UNIX Systems & Network Administrator
available for contract or salaried positions
site location:

pgdb_disallow_connects 

#

require xpgdbcmd

pgdb_disallow_connects ()
{
        local old=${1:?}

        PGDATABASE=postgres \
        PGUSER=postgres \
        pgdbcmd "
                UPDATE  pg_database
                SET     datallowconn=false
                WHERE   datname='$old'
        ;"
}

# The below method doesn't work for superusers, because they
# bypass all access restrictions, which took me an
# inordinate amount of time to discover.
#
__no_no_disabled_dontuse_pgdb_disallow_connects ()
{
        local old=${1:?}
        local -a roles

        roles=($(xpgdbcmd "
                SELECT  role_name
                FROM    information_schema.enabled_roles
                WHERE   role_name != 'postgres'
        ;")) || return 1

        for role in ${roles[@]}
        do
                PGUSER=postgres xpgdbcmd "
                        REVOKE          CONNECT
                        ON DATABASE     \"$old\"
                        FROM            \"$role\"
                ;" || return 2
        done
}
# vim:syn=sh:ft=sh