Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade

2011-12-23 17:39:59
Subject: Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade
From: Dan Langille <dan AT langille DOT org>
To: David Newman <dnewman AT networktest DOT com>
Date: Fri, 23 Dec 2011 17:38:29 -0500 
On Dec 23, 2011, at 5:35 PM, David Newman wrote:

> On 12/23/11 2:21 PM, Dan Langille wrote:
>> On Dec 20, 2011, at 1:19 PM, David Newman wrote:
>> 
>>> bacula 5.2.2, FreeBSD 8.2-RELEASE
>>> 
>>> After upgrading bacula-server from 5.0.3 to 5.2.2 using FreeBSD ports
>>> and updating the (PostgreSQL) bacula database, all jobs run fine except
>>> for the final one on the bacula server, the one that dumps the catalog
>>> before making a backup.
>>> 
>>> The error looks like this:
>>> 
>>> 20-Dec 00:08 nye-dir JobId 8183: shell command: run BeforeJob
>>> "/home/bacula/bin/make_catalog_backup bacula bacula"
>>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: SQL command failed
>>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: Error message from
>>> server: ERROR:  permission denied for relation restore object
>> 
>> This is the key line.  The PostgresSQL user, with which the script is 
>> connecting to
>> the database, does not have correct permissions on that table.
>> 
>>> 20-Dec 00:08 nye-dir JobId 8183: BeforeJob: pg_dump: The command was:
>>> LOCK TABLE public.restoreobject IN ACCESS SHARE MODE
>>> 20-Dec 00:08 nye-dir JobId 8183: Error: Runscript: BeforeJob returned
>>> non-zero status=1. ERR=Child exited with code 1
>>> 
>>> Running the same command manually as user pgsql also fails with the same
>>> permission denied error.
>> 
>> If you connect to
>> the database using psql, you'll see something like this (I did the version 
>> table)
>> 
>> bacula=# \dp version
>>                              Access privileges
>> Schema |  Name   | Type  |   Access privileges   | Column access privileges 
>> --------+---------+-------+-----------------------+--------------------------
>> public | version | table | bacula=arwdDxt/bacula | 
>>                          : dan=arwdDxt/bacula      
>> (1 row)
>> 
>> bacula=# 
>> 
>> You need to grant permissions on the table appropriately.  These commands 
>> may be in the upgrade script… or you'll have to do them yourself.  Now that 
>> the
>> issue is known, others may be able to help.
> 
> Thanks, Dan. In this case, it appears users pgsql and bacula have
> identical privileges:
> 
> [dnewman@nye ~]$ sudo -u pgsql /usr/local/bin/psql bacula
> Welcome to psql 8.2.22, the PostgreSQL interactive terminal.
> 
> Type:  \copyright for distribution terms
>       \h for help with SQL commands
>       \? for help with psql commands
>       \g or terminate with semicolon to execute query
>       \q to quit
> 
> bacula=# \dp version
>               Access privileges for database "bacula"
> Schema |  Name   | Type  |            Access privileges
> --------+---------+-------+------------------------------------------
> public | version | table | {pgsql=arwdxt/pgsql,bacula=arwdxt/pgsql}
> (1 row)

Now, compare the version table with the table causing the problem.  Try

\dp restore

I am not using 5.2.2, so I did the version table as an example of what it 
should look like.

> 
> bacula-# \l
>       List of databases
>   Name    | Owner  | Encoding
> -----------+--------+-----------
> bacula    | bacula | SQL_ASCII
> postgres  | pgsql  | UTF8
> template0 | pgsql  | UTF8
> template1 | pgsql  | UTF8
> (4 rows)
> 
> User bacula's shell is defined as /sbin/nologin, so I think it's user
> pgsql that's doing the work (at least it was prior to the upgrade). User
> bacula cannot launch psql nor can I su to that user because of the
> nologin setting.
> 
> What permissions do I need to change to get this dump working?
> 
> Thanks again!
> 
> dn
> 
>> 
>>> 
>>> I have restarted all bacula and postgresql daemons since the upgrade. I
>>> have not changed any permissions in the /home/bacula directory.
>>> 
>>> Thanks in advance for troubleshooting clues.
>>> 
>>> dn
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> Write once. Port to many.
>>> Get the SDK and tools to simplify cross-platform app development. Create 
>>> new or port existing apps to sell to consumers worldwide. Explore the 
>>> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
>>> http://p.sf.net/sfu/intel-appdev
>>> _______________________________________________
>>> Bacula-users mailing list
>>> Bacula-users AT lists.sourceforge DOT net
>>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>> 
> 

-- 
Dan Langille - http://langille.org


------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, David Newman
Next by Date:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, David Newman
Previous by Thread:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, David Newman
Next by Thread:  Re: [Bacula-users] catalog pg_dump fails after 5.2.2 upgrade, David Newman
Indexes:  [Date] [Thread] [Top] [All Lists]