Non postgres user and permission denied


Tomasz Rzany

Oct 19, 2012, 5:52:00 AM
to pgba...@googlegroups.com
Hello guys,

Because of our security policy I cannot allow direct access to the postgres user over ssh. So I'm restricted to some other user, and when using this user in ssh_command (in .barman.conf) I get errors:

Starting backup for server as in /home/barman/backup/as/base/20121019T093038
Backup start at xlog location: 0/15000020 (000000010000000000000015, 00000020)
Copying files.
rsync: readlink_stat("/var/lib/postgresql/9.1/main/server.key") failed: Permission denied (13)
IO error encountered -- skipping file deletion
rsync: send_files failed to open "/var/lib/postgresql/9.1/main/backup_label": Permission denied (13)
rsync: send_files failed to open "/var/lib/postgresql/9.1/main/pg_stat_tmp/pgstat.stat": Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.8]

I've added my other user to the postgres group and even changed the permissions for /var/lib/postgresql/9.1/main (just for testing) to see if it helps, but with no success.

What can I do in my situation? Is it possible to set ssh_command in a way that it would switch user to postgres and then proceed with backup?

Tomasz Rzany

Oct 31, 2012, 4:41:56 AM
to pgba...@googlegroups.com
Okay, as nobody wanted to help me I helped myself. Here is my solution:

Info:
ubuntu: is user which is allowed to ssh to db server
postgres: db superuser

Set acl for postgres data, so user ubuntu can access it:
root # setfacl -R -m u:ubuntu:rwx /var/lib/postgresql/9.1/main
root # setfacl -dR -m u:ubuntu:rwx /var/lib/postgresql/9.1/main

User ubuntu should be in the same group as the db superuser, postgres in my case:
root # vim /etc/group
ssl-cert:x:112:postgres,ubuntu
postgres:x:113:ubuntu

After this, barman works again! 
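
When a non-postgres ssh user is used for the copy, the rsync errors quoted in the first post show exactly which paths that user could not reach. The following is an added example, not part of the thread or of Barman; the function names are hypothetical, and the sample input is the rsync output copied from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): reduce rsync output to the list of
# paths that failed with "Permission denied (13)".
# Output: "<operation><TAB><path>", one line per distinct failure.
#   stat = rsync could not stat the path (readlink_stat failed)
#   open = rsync could not open the file for reading (send_files failed)
rsync_denied() {
    awk '
        /Permission denied \(13\)/ {
            op = "other"
            if ($0 ~ /readlink_stat/) op = "stat"
            else if ($0 ~ /send_files/) op = "open"
            # The path is the first double-quoted string on the line.
            if (match($0, /"[^"]+"/)) {
                path = substr($0, RSTART + 1, RLENGTH - 2)
                if (!((op, path) in seen)) {
                    seen[op, path] = 1
                    printf "%s\t%s\n", op, path
                }
            }
        }'
}

# Sample input: the rsync lines quoted in the first post of this thread.
SAMPLE_LOG='Copying files.
rsync: readlink_stat("/var/lib/postgresql/9.1/main/server.key") failed: Permission denied (13)
IO error encountered -- skipping file deletion
rsync: send_files failed to open "/var/lib/postgresql/9.1/main/backup_label": Permission denied (13)
rsync: send_files failed to open "/var/lib/postgresql/9.1/main/pg_stat_tmp/pgstat.stat": Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.8]'

# Run the parser over the sample log.
rsync_denied_demo() {
    printf '%s\n' "$SAMPLE_LOG" | rsync_denied
}

rsync_denied_demo
```

An empty result after a permissions change means rsync no longer reported any path as unreadable for the ssh user.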

Gabriele Bartolini

Oct 31, 2012, 4:55:07 AM
to pgba...@googlegroups.com
Hi Tomasz,

   thanks for sharing!

Cheers,
Gabriele

P.S.: Sorry, but I had no clue ...

--
 Gabriele Bartolini - 2ndQuadrant Italia
 PostgreSQL Training, Services and Support
 www.2ndQuadrant.it