Antw: RE: [Bacula-users] Backing up PostgreSQL using Bacula and a fifo

Tue, 14 Feb 2006 02:58:04 -0800 

thanks for your remarks. I use the script on a private server dedicated as a 
database and backup server with no user logins or other applications; of course 
I would not use trust authentication otherwise. I just don't like passwords 
stored within a file.

Regarding the su - postgres : I simply did not want to troubleshoot SELinux 
running in targeted mode on that box again. I already had problems with pg_dump 
attempting to write files into directories that were not properly labeled 
selinux-wise. As I had compiled my 64bit bacula from SRPM myself, I was not 
quite sure if the SELINUX stuff is already completely ok within bacula, so I 
preferred to use the postgres user (I know that all SELINUX stuff is right 
there and that postgresql runs as one of the targeted applications). Maybe if I 
know SELinux better, I will perhaps change my scripts again...

Regards
--Marcel

>>> "Magnus Hagander" <[EMAIL PROTECTED]> 13.02.2006 >>>
> First, create the directory /var/lib/pgsql/data/dump and 
> /var/lib/pgsql/data/dump/fifo , chown postgres:bacula, chmod 750.
> Ensure that the database user postgres running on the local 
> host has "trust" access to all databases (no passwords 
> needed). This script also works for backup of remote 
> databases, but ensure that access rights are set properly.

Recommending "trust" can be a bit on the dangerous side. There are many
ways that are much better - using ident over unix sockets checks the
actual unix user, or using passwords. Only if every user on your machine
can be trusted (that includes your webserver, if you have one..) should
you use "trust".


> If you prefer to have a password, you can uncomment the lines
> EXPORT PGPASSWORD=xxxxxxxx

This is a deprecated way of specifying the password. You should be using
~/.pgpass instead.

Also, do you really need to "su" to postgres when you run pg_dump? Can't
you just run them as the bacula user - especially if you're using
"trust" auth?


Other than that, the scripts do look very nice :-) I think i'll steal
them.


//Magnus



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to