Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade

2011-12-23 17:37:17
Subject: Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade
From: David Newman <dnewman AT networktest DOT com>
To: Dan Langille <dan AT langille DOT org>
Date: Fri, 23 Dec 2011 14:35:38 -0800 
On 12/23/11 2:21 PM, Dan Langille wrote:
> On Dec 20, 2011, at 1:19 PM, David Newman wrote:
> 
>> bacula 5.2.2, FreeBSD 8.2-RELEASE
>>
>> After upgrading bacula-server from 5.0.3 to 5.2.2 using FreeBSD ports
>> and updating the (PostgreSQL) bacula database, all jobs run fine except
>> for the final one on the bacula server, the one that dumps the catalog
>> before making a backup.
>>
>> The error looks like this:
>>
>> 20-Dec 00:08 nye-dir JobId 8183: shell command: run BeforeJob
>> "/home/bacula/bin/make_catalog_backup bacula bacula"
>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: SQL command failed
>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: Error message from
>> server: ERROR:  permission denied for relation restore object
> 
> This is the key line.  The PostgresSQL user, with which the script is 
> connecting to
> the database, does not have correct permissions on that table.
> 
>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: The command was:
>> LOCK TABLE public.restoreobject IN ACCESS SHARE MODE
>> 20-Dec 00:08 nye-dir JobId 8183: Error: Runscript: BeforeJob returned
>> non-zero status=1. ERR=Child exited with code 1
>>
>> Running the same command manually as user pgsql also fails with the same
>> permission denied error.
> 
> If you connect to
> the database using psql, you'll see something like this (I did the version 
> table)
> 
> bacula=# \dp version
>                               Access privileges
>  Schema |  Name   | Type  |   Access privileges   | Column access privileges 
> --------+---------+-------+-----------------------+--------------------------
>  public | version | table | bacula=arwdDxt/bacula | 
>                           : dan=arwdDxt/bacula      
> (1 row)
> 
> bacula=# 
> 
> You need to grant permissions on the table appropriately.  These commands 
> may be in the upgrade script… or you'll have to do them yourself.  Now that 
> the
> issue is known, others may be able to help.

Thanks, Dan. In this case, it appears users pgsql and bacula have
identical privileges:

[dnewman@nye ~]$ sudo -u pgsql /usr/local/bin/psql bacula
Welcome to psql 8.2.22, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

bacula=# \dp version
               Access privileges for database "bacula"
 Schema |  Name   | Type  |            Access privileges
--------+---------+-------+------------------------------------------
 public | version | table | {pgsql=arwdxt/pgsql,bacula=arwdxt/pgsql}
(1 row)

bacula-# \l
       List of databases
   Name    | Owner  | Encoding
-----------+--------+-----------
 bacula    | bacula | SQL_ASCII
 postgres  | pgsql  | UTF8
 template0 | pgsql  | UTF8
 template1 | pgsql  | UTF8
(4 rows)

User bacula's shell is defined as /sbin/nologin, so I think it's user
pgsql that's doing the work (at least it was prior to the upgrade). User
bacula cannot launch psql nor can I su to that user because of the
nologin setting.

What permissions do I need to change to get this dump working?

Thanks again!

dn

> 
>>
>> I have restarted all bacula and postgresql daemons since the upgrade. I
>> have not changed any permissions in the /home/bacula directory.
>>
>> Thanks in advance for troubleshooting clues.
>>
>> dn
>>
>>
>> ------------------------------------------------------------------------------
>> Write once. Port to many.
>> Get the SDK and tools to simplify cross-platform app development. Create 
>> new or port existing apps to sell to consumers worldwide. Explore the 
>> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
>> http://p.sf.net/sfu/intel-appdev
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users AT lists.sourceforge DOT net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 


------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, Dan Langille
Next by Date:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, Dan Langille
Previous by Thread:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, Dan Langille
Next by Thread:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, Dan Langille
Indexes:  [Date] [Thread] [Top] [All Lists]