[oi-dev] Barman packaging
Alexander Pyhalov
alp at rsu.ru
Thu Nov 7 05:44:12 UTC 2013
On 11/07/2013 02:50, Adam Števko wrote:
> Hi,
>
> My idea is to convert postgres role to user (uid 90 afaik) and create a profile PostgreSQL Management, which can be used for barman needs once it is assigned to some user.
>
> I am not sure if IPS can assign profiles to users, but doing that would be much easier for the user than to find all the pitfalls himself.
>
> RBAC integration into userland is something we should generally agree on and try to write some best practices into wiki.
>
> Are there any thoughts why the solution I propose is wrong? DB simply gets the user and pgsql mgmt profile will exists and it's up to user to assign it to an user account, which he wants.
>
> Cheers,
> Adam
Hello.
We already have profile PostgreSQL Management.
Clearly, barman user needs remote (ssh access) to the server and access
to "/var/postgres/N.M". Specifically, it runs rsync on this directory
(which should be accessible to postgresql user). I've tried to play with
RBAC to achieve this (to allow barman user run rsync with postgres uid),
but haven't succeeded yet.
Another sollution is just to convert postgres to regular user and use it
for remote access. Not sure if we need separate barman user in this
case. Perhaps, it's a good idea: backups and DB will have separate owners.
--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
More information about the oi-dev
mailing list