On 11/07/2013 02:50, Adam Števko wrote:
Hi,
My idea is to convert postgres role to user (uid 90 afaik) and create a profile
PostgreSQL Management, which can be used for barman needs once it is assigned
to some user.
I am not sure if IPS can assign profiles to users, but doing that would be much
easier for the user than to find all the pitfalls himself.
RBAC integration into userland is something we should generally agree on and
try to write some best practices into wiki.
Are there any thoughts why the solution I propose is wrong? DB simply gets the
user and pgsql mgmt profile will exists and it's up to user to assign it to an
user account, which he wants.
Cheers,
Adam
Hello.
We already have profile PostgreSQL Management.
Clearly, barman user needs remote (ssh access) to the server and access
to "/var/postgres/N.M". Specifically, it runs rsync on this directory
(which should be accessible to postgresql user). I've tried to play with
RBAC to achieve this (to allow barman user run rsync with postgres uid),
but haven't succeeded yet.
Another sollution is just to convert postgres to regular user and use it
for remote access. Not sure if we need separate barman user in this
case. Perhaps, it's a good idea: backups and DB will have separate owners.
--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
_______________________________________________
oi-dev mailing list
[email protected]
http://openindiana.org/mailman/listinfo/oi-dev
