Re: [Gnumed-devel] Problems dumping database (Mac limitation on su -c)

[Jim Busser]

On 2011-05-26, at 1:23 PM, Karsten Hilbert wrote:

> So, one needs to configure the backup for backup.
> 
> I have changed the default database name to say
> 
>       database_to_backup__for_example_gnumed_v15

Ah, ok, some of it was my misunderstanding --- I had not realized the extent of 
adjustments required in the config file…


*****************************************
In the backup script where it says

# You need to allow root to access the GNUmed database as
# user "gm-dbo" by either editing pg_hba.conf or using a
# .pgpass file.

Does the above mean only ensuring to have, in place, the line

        local samegroup +gm-logins md5

and is this truly anything to do with root? It seems that once a server 
administrator would set up the backup files for example in

        /etc/gnumed

then a regular user only needs to know the (postgres and) gm-dbo passwords to 
be able to dump the database

??

*****************************************

In the backup script top comment section, just below "You need to allow root…" 
but above "anacron", could you insert

        Mac users, pending a FIXME, need to comment-out the sanity check

Above the line

        CONF="/etc/gnumed/gnumed-backup.conf" 

can you insert

        # Ensure that the following has been properly updated for
        # the desired version v_ of the database, and other params

*****************************************

The backup script seemed capable, when needing the passwords for database users 
postgres and gm-dbo, to evoke prompts from the command line *except* that the 
prompts I was given were uninformative…

        Password:       <--- wanting postgres
        Password for user gm-dbo:       <--- wanting gm-dbo
        Password:       <--- wanting… gm-dbo !!!!!!!!!!!!!

… can the above be improved by echoing, to the command line in advance of (and 
after) each above step, what might be expected, for example:

        Initiating a postgres db user step…
        < here there may, or may not, come a prompt>

        Initiating a GNUmed db owner (e.g. gm-dbo) step…
        < here there may, or may not, come a prompt>

        Initiating a GNUmed db owner (e.g. gm-dbo) step…
        < here there may, or may not, come a prompt>

because by the above method, when no prompt is received, the user attends only 
to the last line.

*****************************************
A question about the data security safety of .pgpass files…

… since anyone with sudo access could reset postgres and accordingly the gm-dbo 
passwords, is it no loss of security to store a .pgpass under a root directory?

… backing up as root however implies a backup to

        /var/root/gnumed/backup

which would maybe a bit strange?

Is it envisioned that a typical user backup would be as a user other than root?

*****************************************
When you commented in the config file as follows

        #------------------------------------------------------------
        # those need to be changed in most if not all cases
        #------------------------------------------------------------ 

can you please change the two occurrences of

        "those…"

to

        "the following"

*****************************************

Can the conf file URL to the 8.1 manual be replaced by the one to the 
(admittedly) marginally clearer one in 8.4

        http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html