[ADMIN] grant model in PostgreSQL 8.2
Dear colleagues, What is the preferred grant model in multi-developers environment? I'm currently thinking of two groups, one is 'admin' and other is 'user', where real developers are members of the first group, with 'set role to admin' in pg_authid; report create user (used in web frontend, e.g.) is a member of the second group, having only read privileges from db objects. The question is: can I automatically grant read privileges on newly created objects in my schema? Thanks. Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 5: don't forget to increase your free space map settings
Re: [ADMIN] 7.4.5 file write issue
On Tue, 22 Feb 2005, Chris White (cjwhite) wrote: CWc We are noticing on our 7.4.5 system the following files are being written CWc approximately every 5 minutes CWc CWc /tmp/.s.PGSQL.5432 CWc /tmp/.s.PGSQL.5432.lock CWc CWc Anybody know why they are being written? The reason I ask is because we are CWc running on a system that uses a laptop disk drive and requires at least 10 CWc minutes idle time to spindown so it can recalibrate. This did not happen CWc when we were running 7.4.2, so does anybody have any idea what may have CWc changed between 7.4.2 and 7.4.5 to cause this to happen. What about switching to memory-based /tmp ? Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [ADMIN] fallback authentication
On Sat, 11 Dec 2004, Ron Peterson wrote: RP I have: RP RP hostall all 127.0.0.1 255.255.255.255 md5 RP hostall all 127.0.0.1 255.255.255.255 pam postgresql RP hostall all 0.0.0.0 0.0.0.0 reject This scheme would not work. However, something like the following may help: local all pgsql ident sameuser hostall dba 127.0.0.1 255.255.255.255 md5 hostall local 127.0.0.1 255.255.255.255 pam postgresql So you can do local maintenance like cron backups from pgsql account, and fallback login for dba user when pam or authenticating modules are not available. Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [ADMIN] v7.1b4 bad performance
On Sat, 17 Feb 2001, Tom Lane wrote: [skip] TL Platform: HPUX 10.20 on HPPA C180, fast wide SCSI discs, 7200rpm (I think). TL Minimum select(2) delay is 10 msec on this platform. [skip] TL I vote for commit_delay = 0, unless someone can show cases where TL positive delay is significantly better than zero delay. BTW, for modern versions of FreeBSD kernels, there is HZ kernel option which describes maximum timeslice granularity (actually, HZ value is number of timeslice periods per second, with default of 100 = 10 ms). On modern CPUs HZ may be increased to at least 1000, and sometimes even to 5000 (unfortunately, I haven't test platform by hand). So, maybe you can test select granularity at ./configure phase and then define default commit_delay accordingly. Your thoughts? Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [ADMIN] Shared memory corrupted?
On Thu, 30 Oct 2003, Jeff Boes wrote: JB We are experiencing the following error, usually during our nightly JB delete-and-vacuum cycle (when there are very few other connections to JB the database): JB JB 2003-10-30 01:36:59 [25392] LOG: server process (pid 697) was JB terminated by signal 14 JB 2003-10-30 01:36:59 [25392] LOG: terminating any other active server JB processes JB 2003-10-30 01:37:01 [1977] FATAL: The database system is in recovery mode JB 2003-10-30 01:37:08 [25392] LOG: all server processes terminated; JB reinitializing shared memory and semaphores JB 2003-10-30 01:37:09 [2856] FATAL: The database system is starting up JB 2003-10-30 01:37:09 [2855] LOG: database system was interrupted at JB 2003-10-30 01:26:13 EST JB JB The only clues we have are that the server processes interrupted by JB signal 14 *seem* to be backends connected to Apache processes (on JB another server). But even that isn't certain, because of the difficulty JB in tracking down which process was doing what at the time. Signal 14 is SIGALRM. Some kind of badly-behaving watchdog? Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [ADMIN] Installed OpenSSL but still cannot install PostgreSQL
On Mon, 24 Mar 2003, Tamir Halperin wrote: TH This is because libcrypto had its shlib version bumped from .2 to .3 TH after OpenSSL's last round of security bugs. If you symlink TH libcrypto.so.2 to libcrypto.so, you should be okay. -sc TH TH Done that and I'm still unable to move past the message below. If anyone TH has an idea why I'm still being asked to install OpenSSL when I did I would TH be greatly aided. what is the output of 'ldconfig -r | grep crypt' ? Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [ADMIN] Installed OpenSSL but still cannot install PostgreSQL
On Mon, 24 Mar 2003, Tamir Halperin wrote:
TH 1:-lcrypt.2 = /usr/lib/libcrypt.so.2
TH 110:-lcrypto.2 = /usr/local/lib/libcrypto.so.2
TH 111:-lcrypto.3 = /usr/local/lib/libcrypto.so.3
TH 117:-lmcrypt.8 = /usr/local/lib/libmcrypt.so.8
Aha. This seems to be a fault in /usr/ports/Mk/bsd.port.mk around line 930
.if defined(USE_OPENSSL)
.if ${OSVERSION} = 400014
.if !exists(/usr/lib/libcrypto.so)
.BEGIN:
@${ECHO_CMD} This port requires the OpenSSL library, which is part of
@${ECHO_CMD} the FreeBSD crypto distribution but not installed on your
You may try to play with symlinks, but I suppose more natural way is to upgrade
your system to at least 4.6 security branch and install OpenSSL from base
system.
Or, you can simply make postgresql port without SSL support:
cd /usr/ports/databases/postgresql7
make WITHOUT_SSL=yes
Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
Re: [ADMIN] Installed OpenSSL but still cannot install PostgreSQL
On Mon, 24 Mar 2003, Tamir Halperin wrote: TH After following your instructions regarding the deinstallation of the TH openssl package and then reinstalling it with make TH OPENSSL_OVERWRITE_BASE=yes, I still get the same message when executing TH make in the /usr/ports/databases/postgresql7 directory that tells me I need TH to first install openssl. TH TH Here's the output of ldconfig -r | grep crypt: TH TH 1:-lcrypt.2 = /usr/lib/libcrypt.so.2 TH 110:-lcrypto.2 = /usr/local/lib/libcrypto.so.2 TH 111:-lcrypto.3 = /usr/local/lib/libcrypto.so.3 TH 117:-lmcrypt.8 = /usr/local/lib/libmcrypt.so.8 TH TH I'm sure there's a solution to using postgresql 7.3.2 with openssl. I just don't have it. Well, thanks for re-checking with ldconfig we can see our OPENSSL_OVERWRITE_BASE did not help. Something is broken during the upgrade. Can you check whether openssl libraries reside only in /usr/local/lib and not in /usr/lib ? BTW, you can look at /var/bd/pkg/pkgname-version/+CONTENTS to see where are the files installed by port reside. also, `pkg_info -W /path/to/the/file' is useful to debug. About your problem: contemporary port building system checks for OpenSSL _only_ in base system directories, particularly /usr/lib/libcrypto.so So, possibly, quick hack like 'ln -s /usr/local/lib/libcrypto.so /usr/lib' may help you. Anyway, please consider upgrading to 4.8 which should be out of door this week. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [ADMIN] TeDia2SQL 0.77 (Dia--SQL DDL Tool) Released
Tim, I suppose it would be very useful if you place some links to Dia-related pages to your page. Especially for BDA-newbies, you know ;-) On Fri, 28 Jun 2002, Tim Ellis wrote: TE Hello, Lists, James, TE TE tedia2sql 0.77 (Dia UML diagram -- SQL DDL converter) is released. It TE currently supports Dia UML--Sybase, Postgres, Oracle. TE TE New in 0.77: Oracle support debugged, finished, tested. Todo: DB/2 support TE debug/finish/test. TE TE Homepage: http://faemalia.net/tedia2sql TE TE James K. Lowden: My emails to you off-list are not getting through. Have TE you received ~6 emails from tim[dot]ellis[at]gamet[dot]com? Please check TE your mail server spam filters. TE TE Thanks, TE -- TE Tim Ellis TE DBA, Gamet TE TE TE TE ---(end of broadcast)--- TE TIP 2: you can get off all lists at once with the unregister command TE (send unregister YourEmailAddressHere to [EMAIL PROTECTED]) TE TE Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
Re: [ADMIN] databases and RAID ...
On Fri, 24 May 2002, Kris Deugau wrote: [snip] KD Note that if you're looking for a system you can hotswap, you will KD probably need to go SCSI in any case; I'm not aware of any KD hotswap-capable IDE RAID systems. Not exactly ;-) Promise TX2 and TX4 with special enclosures do the trick. If you need to scale further, 3Ware Escalade controllers (www.3ware.com) would be the right choice. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [ADMIN] pg_dump max file size exceeded
On Wed, 20 Mar 2002, Rolf Luettecke wrote: RL Fred Moyer [EMAIL PROTECTED] writes: RL ran time pg_dump -c --verbose database datafile.psql from the command RL line and got a file size limit exceeded. datafile.psql stopped at 2 gigs. RL any ideas how to exceed that limit? RL RL Workaround: Pipe output to gzip/bzip2, if compressed file size does not RL reach 2 GB limit, or cut output into 2GB-pieces. ... and if it's still does not fit, pipe it further into split(1) ;-) [though I don't know whether this utility exists in standard Linux distrib. In BSDs it does.] Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [ADMIN] Postgres not starting at boot(FreeBSD) - startup script
On Sun, 10 Mar 2002, Dave wrote:
I use the following lines (at /usr/local/etc/rc.d/pgsql.sh)
-- 8 --
#!/bin/sh
PGBIN=/usr/local/pgsql/bin
cmd=$1
: ${cmd:=start}
case $cmd in
start)
[ -d /usr/local/pgsql/lib ] /sbin/ldconfig -m /usr/local/pgsql/lib
[ -x ${PGBIN}/pg_ctl ] {
echo -n 'pgsql '
su -l pgsql -c \
'[ -d ${PGDATA} ] exec /usr/local/pgsql/bin/pg_ctl start -s -l
~pgsql/log/errlog'
}
;;
stop)
[ -x ${PGBIN}/pg_ctl ] {
echo -n 'pgsql '
su -l pgsql -c 'exec /usr/local/pgsql/bin/pg_ctl stop -s -m fast'
}
;;
status)
[ -x ${PGBIN}/pg_ctl ] {
exec su -l pgsql -c 'exec /usr/local/pgsql/bin/pg_ctl status'
}
;;
*)
echo usage: `basename $0` {start|stop|status} 2
exit 64
;;
esac
-- 8 --
D Try this on for size... recently during a reboot (first in about 3 months for
D this particular server) our entire rc.d directory failed to start... after some
D hacking of the rc file to output some helpful debuggin, it was apparent that the
D 010.pgsql.sh script in /usr/local/etc/rc.d was timing out and causing any
D directives thereafter not to be processed.
D
D Running the script manually as root starts the postmaster but doesn't return you
D to the command prompt. ^C and checking the errlog shows
D
D Waiting for postmaster starting up..DEBUG: Data Base System is starting up at
D Sat Mar 9 17:05:45 2002
D DEBUG: Data Base System was shut down at Sat Mar 9 17:05:39 2002
D DEBUG: Data Base System is in production state at Sat Mar 9 17:05:45 2002
D Fast Shutdown request at Sat Mar 9 17:05:48 2002
D DEBUG: Data Base System shutting down at Sat Mar 9 17:05:48 2002
D DEBUG: Data Base System shut down at Sat Mar 9 17:05:48 2002
D
D Can force it to return to command prompt by adding a and doublt cr
D
D web1# /usr/local/etc/rc.d/010.pgsql.sh start
D [1] 4635
D web1#
D [1] + Suspended (tty output)/usr/local/etc/rc.d/010.pgsql.sh start
D web1#
D
D and postgres stays up and frees the terminal. Output in errlog for this is...
D
D Waiting for postmaster starting up..DEBUG: Data Base System is starting up at
D Sat Mar 9 17:07:21 2002
D DEBUG: Data Base System was shut down at Sat Mar 9 17:05:48 2002
D DEBUG: Data Base System is in production state at Sat Mar 9 17:07:21 2002
D
D No idea what could be causing the script not to function as it is the EXACT same
D script as on the other servers we are operating (did a diff just to be sure)
D
D In the interim we removed the script from the startup dir... any ideas as to
D why this is occuring?
D
D Installed from port, left the port startup script as is... listed below.
D Appreciate any feedback/comments.
D
D Dave
D
D # $FreeBSD: ports/databases/postgresql7/files/pgsql.sh.tmpl,v 1.9 2000/12/11
D 03:22:07 steve Exp $
D #
D # For postmaster startup options, edit $PGDATA/postmaster.opts.default
D # Preinstalled options are -i -o -F
D
D case $1 in
D start)
D [ -d /usr/local/pgsql/lib ] /sbin/ldconfig -m /usr/local/pgsql/lib
D [ -x /usr/local/pgsql/bin/pg_ctl ] {
D su -l pgsql -c \
D 'exec /usr/local/pgsql/bin/pg_ctl -w start /usr/local/pgsql/errlog
D 21'
D echo -n ' pgsql'
D }
D ;;
D
D stop)
D [ -x /usr/local/pgsql/bin/pg_ctl ] {
D exec su -l pgsql -c 'exec /usr/local/pgsql/bin/pg_ctl -w -m fast stop'
D }
D ;;
D
D status)
D [ -x /usr/local/pgsql/bin/pg_ctl ] {
D exec su -l pgsql -c 'exec /usr/local/pgsql/bin/pg_ctl status'
D }
D ;;
D
D *)
D echo usage: `basename $0` {start|stop|status} 2
D exit 64
D ;;
D esac
D
D
D ---(end of broadcast)---
D TIP 4: Don't 'kill -9' the postmaster
D
Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
[ADMIN] Authentication problem
Hi there colleagues, From the Docs (Admin 4.1): There is no fall-through or backup: if one record is chosen and the authentication fails, the following records are not considered. Are there any plans to loose this restriction? It would be very useful to use e.g. local all ident admin local sameuserident sameuser local all passwordpasswd.user and have backup pseudo-users in admin ident-map, allow connecting users to personal databases and list exceptions in password file. Or, is there another way to achieve this? Also, of course, it would be _very_ useful to tell full connects and read-only connects (not allowed to create tables/indexes/views/etc...) Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [ADMIN] change one database to other
On Tue, 8 Jan 2002, RED wrote: R I have 2 base Ex: base1 and base2 R When I connected to base1 I need data from base2 ! R How did this without disconect from base1 and connect to base2 R agregate all table into one databese not accesable R In mysql this is posible. Depending on the programming language, you can open two simultaneous connections to different databases and mix them. It is possible at least with perl DBI and C's libpq. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
Re: [ADMIN] update in rule
On Wed, 17 Oct 2001, Stephan Szabo wrote: SS Use a trigger instead, something like SS SS create function adresses_trigger() returns opaque as ' SS begin SS NEW.date_maj := now(); SS return NEW; SS end;' language 'plpgsql'; hmm. it seems defaul pgsql installation does not contains definition for plpgsql language: test=# select * from pg_language ; lanname | lanispl | lanpltrusted | lanplcallfoid | lancompiler --+-+--+---+- internal | f | f| 0 | n/a C| f | f| 0 | /bin/cc sql | f | f| 0 | postgres (3 rows) however, plpgsql.so is in pgsql lib directory (though it is *NOT* visible by ldconfig -r) My installation is 7.1.3 under FreeBSD 4-stable. Is it somehow my fault or does it need to manually do something like create function plpgsql_handler() ... create language 'plpgsql' ... ? Please give me advise how exactly should these statements look? Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
[ADMIN] [possibly] dumb question
Hello colleagues, sorry for dumb question, but can anybody advise me what default statement should I write to fill timestamp column in record to the time of insertion. 'now'::timestamp leads to timestamp of database creation for all records, 'current' can not be converted to timestamp... also, I'm rather new to triggers, can anybody help me how should look the trigger for tracking last modification time of the record (yes, I do know I can simply put 'now' in update statement, but I want to disable ability to change such column by hand) Thanks in advance. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] *** ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://www.postgresql.org/search.mpl
Re: [HACKERS] Re: [ADMIN] v7.1b4 bad performance
On Fri, 23 Feb 2001, Hannu Krosing wrote: HK DM I just done the experiment with increasing HZ to 1000 on my own machine HK DM (PII 374). Your test program reports 2 ms instead of 20. The other side HK DM of increasing HZ is surely more overhead to scheduler system. Anyway, it's HK DM a bit of data to dig into, I suppose ;-) HK DM HK DM Results for pgbench with 7.1b4: (BTW, machine is FreeBSD 4-stable on IBM HK DM DTLA IDE in ATA66 mode with tag queueing and soft updates turned on) HK HK Is this unmodified pgbench or has it Hiroshi tweaked behaviour of HK connecting each client to its own database, so that locking and such HK does not shade the possible benefits (was it about 15% ?) of delay1 HK also, IIRC Tom suggested running with at least -B 1024 if you can. It was original pgbench. Maybe, duritng this weekend I'll make new kernel with big SHM table and try to test with larger -B (for now, -B 256 is the most I can set) Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
[ADMIN] PostgreSQL 7, FreeBSD and locale support
Hello there, I have configured and installed PostgreSQL 7.0.3 on a FreeBSD-4-stable box. Configure has been run as ./configure --enable-locale --enable-recode However, trying every combinations of LANG env vars for both server and client I gave standard ASCII order as a result of any SELECT ... ORDER BY (test/locale/koi8-r as an example). One of my friends tell me that FreeBSD has stricter than e.g. Linux locale policy, and do not treat negative chars (and cyrillic characters are all above 0x80, so they are negative in signed char representation). Is there a way to get working server on FreeBSD with locale support? Thanks in advance. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: [ADMIN] How to identify connected Users?
On Fri, 1 Dec 2000, Peter Eisentraut wrote: PE is there any way to identify users which are currently connected to the PE database? Does perhaps even exist a method to notify this users (e.g. to PE close the connection)? PE PE ps ax | grep postgres PE PE is the best way to go. Nope. Using this you can identify UNIX users, instead of PG users. And, if the scripts are running from the web server, there will be only nobosy/httpd in most cases... Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: [ADMIN] Administration tips
On 26 Jun 2000, Camm Maguire wrote: CM Both of these basically depend on 'pg_dump | psql'. From what I CM understand now, the pg_dump has to be executed on the db host unless CM user checking across the network is disabled with a 'trust' entry in CM hba.conf, as pg_dump needs to connect as postgres. It would be great CM if the replication/backup procedure could be run on an arbitrary host CM without disabling all such user checking. You could define $PGPASSWORD to authenticate with passwords; also, you can restrict the backup host with no passwords (restricting IP traffic by ipfw, e.g) but with ident... Ways are vary... Surely in latter case you should make sure that no others connections to your db are possible from that (hopefully the most restricted host in the network -- this possibly should apply to any kind of backup host). Just my $.02 ;-) Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: [ADMIN] How to set up users etc for Web access?
On Tue, 3 Aug 1999, Lamar Owen wrote: LO 3.) You may or may not want the HTTPD_RUN_USER to actually own the LO tables in question -- however, you will have to GRANT the perms desired. AS I mentioned previously, there's currently no way to prevent user httpd (or whoever under which httpd is running) to create tables. This is not a serious security risc, AFAIC, but a risc of running over file quotas. LO In the case of AOLserver, the connections from the aolserver process LO (nsd) are pooled and are made with the userid of 'aolserver'. For LO AOLserver, all files the nsd process (singular, since AOLserver is LO multithreaded) accesses are owned by 'aolserver' and chmod'd 600. LO AOLserver uses a tcl API -- those files (*.tcl and *.adp) are also LO chmod'd 600, as AOLserver does its own interpreting -- php may need LO execute permission; I don't know. Well, I suppose web site files should NOT be owned by httpd user, but only readable (and, if needed, executable bu it) via group -- so permissions should be 640 or 750, respectievly. This prevents possibility to change web-content from erroneous cgi script, for example. [All of above is just my $.02 :)] Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
[ADMIN] Password protected databases and automated backups
Hi there, How can I organize automated database dumping for passord protected database? Any suggestions are welcome. Thank you in advance. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: [ADMIN] Password protected databases and automated backups
On Mon, 2 Aug 1999, Peter Eisentraut wrote: PE How can I organize automated database dumping for passord protected PE database? PE If you're implying something like "How do I get around entering a PE password?", that won't be solvable so easily. Possibly you want to use PE ident authentication for that particular user and host or hardcode the PE password in your (preferably read-protected) script. (If anyone has better PE ideas here, let us know.) Yes, surely, I meant precisely this situation. I have looked through sources of pg_dump, but have no time to patch it to achieve desired effect :) PE A different solution would be to backup the $PGDATA/base directory using PE regular file backup methods. That wouldn't be a dump, so it depends on PE your particular needs. This may not have the desired effect, as the database may be not in consistent state. Or am I wrong presuming that pg_dump locks entire database for update? Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] ---- *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
Re: [ADMIN] Password protected databases and automated backups
DM PE A different solution would be to backup the $PGDATA/base directory using DM PE regular file backup methods. That wouldn't be a dump, so it depends on DM PE your particular needs. DM DM This may not have the desired effect, as the database may be not in DM consistent state. Of course, there is at least one solution which implies stopping the postmaster before dumping the database -- but this is not the desired behavoiur too, surely. :) Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
