Hi all,
until now I was using pg_dumpall to backup my postgresql databases, but
I'd like to move to the plugin bareos-fd-postgresql.
I configured wal archiving:
archive_mode = on
archive_command = 'install -D %p /var/lib/pgsql/wal_archive/%f'
and the plugin:
FileSet {
Name = postgres
Description = "Fileset for postgres"
Include {
Options {
Signature = XXH128
Compression = LZ4HC
}
Plugin = "python3"
":module_name=bareos-fd-postgresql"
":db_user=postgres"
":db_host=/run/postgresql >
":wal_archive_dir=/var/lib/pgsql/wal_archive"
}
}
Since I have no dedicated backup user/role I wanted to use the
postgres-user together with "peer" authentication, as I don't want to
use the same password on every host nor have a dedicated fileset for
each postgresql-host I want to backup.
Is there a smart way of maybe bareos-fd dropping its privileges to the
user 'postgres' to be able to connect to the dbms via peer authentication?
Another possibility would be not to set ':db_user=postgres' and to add a
'root' role to the postgresql server:
create role root login;
grant all on schema public to root;
grant all on all tables in schema public to root;
grant select, update on all sequences in schema public to root;
grant execute on all functions in schema public to root;
alter role root with superuser;
This works, but are these the minimum permissions required to perform a
backup?
What's best practice?
Thanks & kind regards,
Philippe
--
You received this message because you are subscribed to the Google Groups
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/bareos-users/3337bc98-ff0d-4b34-be35-8b910a158a14%40quarantine.de.
