[oi-dev] Barman packaging
Alexander Pyhalov
alp at rsu.ru
Thu Nov 7 07:39:20 UTC 2013
On 11/07/2013 09:44, Alexander Pyhalov wrote:
> Hello.
> We already have profile PostgreSQL Management.
> Clearly, barman user needs remote (ssh access) to the server and access
> to "/var/postgres/N.M". Specifically, it runs rsync on this directory
> (which should be accessible to postgresql user). I've tried to play with
> RBAC to achieve this (to allow barman user run rsync with postgres uid),
> but haven't succeeded yet.
The most interesting part is that barman has to run rsync with postgres
euid on remote site (to access DB files ) and with barman euid on local
(to access backup files). I think that converting postgres from role to
user is more straightforward than trying to create necessary RBAC policy.
> Another sollution is just to convert postgres to regular user and use it
> for remote access. Not sure if we need separate barman user in this
> case. Perhaps, it's a good idea: backups and DB will have separate owners.
So, I think I'll go this way.
--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
More information about the oi-dev
mailing list