[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c)
From: |
Jim Busser |
Subject: |
Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c) |
Date: |
Thu, 26 May 2011 23:28:51 -0700 |
On 2011-05-26, at 1:23 PM, Karsten Hilbert wrote:
> So, one needs to configure the backup for backup.
>
> I have changed the default database name to say
>
> database_to_backup__for_example_gnumed_v15
Ah, ok, some of it was my misunderstanding --- I had not realized the extent of
adjustments required in the config file…
*****************************************
In the backup script where it says
# You need to allow root to access the GNUmed database as
# user "gm-dbo" by either editing pg_hba.conf or using a
# .pgpass file.
Does the above mean only ensuring to have, in place, the line
local samegroup +gm-logins md5
and is this truly anything to do with root? It seems that once a server
administrator would set up the backup files for example in
/etc/gnumed
then a regular user only needs to know the (postgres and) gm-dbo passwords to
be able to dump the database
??
*****************************************
In the backup script top comment section, just below "You need to allow root…"
but above "anacron", could you insert
Mac users, pending a FIXME, need to comment-out the sanity check
Above the line
CONF="/etc/gnumed/gnumed-backup.conf"
can you insert
# Ensure that the following has been properly updated for
# the desired version v_ of the database, and other params
*****************************************
The backup script seemed capable, when needing the passwords for database users
postgres and gm-dbo, to evoke prompts from the command line *except* that the
prompts I was given were uninformative…
Password: <--- wanting postgres
Password for user gm-dbo: <--- wanting gm-dbo
Password: <--- wanting… gm-dbo !!!!!!!!!!!!!
… can the above be improved by echoing, to the command line in advance of (and
after) each above step, what might be expected, for example:
Initiating a postgres db user step…
< here there may, or may not, come a prompt>
Initiating a GNUmed db owner (e.g. gm-dbo) step…
< here there may, or may not, come a prompt>
Initiating a GNUmed db owner (e.g. gm-dbo) step…
< here there may, or may not, come a prompt>
because by the above method, when no prompt is received, the user attends only
to the last line.
*****************************************
A question about the data security safety of .pgpass files…
… since anyone with sudo access could reset postgres and accordingly the gm-dbo
passwords, is it no loss of security to store a .pgpass under a root directory?
… backing up as root however implies a backup to
/var/root/gnumed/backup
which would maybe a bit strange?
Is it envisioned that a typical user backup would be as a user other than root?
*****************************************
When you commented in the config file as follows
#------------------------------------------------------------
# those need to be changed in most if not all cases
#------------------------------------------------------------
can you please change the two occurrences of
"those…"
to
"the following"
*****************************************
Can the conf file URL to the 8.1 manual be replaced by the one to the
(admittedly) marginally clearer one in 8.4
http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html
- [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Jim Busser, 2011/05/25
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Karsten Hilbert, 2011/05/26
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Jim Busser, 2011/05/26
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Karsten Hilbert, 2011/05/27
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Jim Busser, 2011/05/27
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Karsten Hilbert, 2011/05/29
- Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c), Jim Busser, 2011/05/30