This issue was moved to a discussion.

Enhancement request to allow user level operator to execute backup #7916

Closed
howardlowndes opened this issue Jan 7, 2024 · 5 comments
Labels
needs-design type:enhancement Proposed improvement, new feature, or extension -- not a defect

Comments

@howardlowndes

Version

1.11.7

What browsers are you seeing the problem on?

This problem isn't browser related

What happened?

Can we have a menu option to enable selected users who log in through login.pl to run Backup DB and Backup Roles as they require, without the DB admin being required to use setup.pl?
Restore would still be a DB admin function.

What should have happened?

Limited delegation of DB admin functions to user level

@ehuelsmann ehuelsmann added type:enhancement Proposed improvement, new feature, or extension -- not a defect needs-design labels Jan 7, 2024
@ehuelsmann
Member

This request doesn't fit our current authorization scheme very well: Nowhere in the application server (everything running under Starman) is a database password stored. This is a deliberate choice, because without passwords, there's no way to leak one. The password entered by the user is the password the web application uses to log into the database. The users on the application level also exist as users in the database. The database uses the "principle of least privilege" to guard against unauthorized access or leaking of data. However: in order to create a complete backup, the user needs full access (which is logical: they'll be able to access all data after downloading the backup...).

In order to be able to implement this, we need to change strategy and allow a super-user password to be stored on the server in order for users with the correct rights to be able to create and download a backup... This definitely needs more thought. A design.

@howardlowndes
Author

I see your point about security and it is sound. Might another option be PostgreSQL replication to a NAS or similar?

@neilt
Contributor

neilt commented Jan 8, 2024

Would another solution be using pg_cron or pgAgent (pgAgent tutorial) to make regular backups based on a schedule created in setup.pl? No logins would be required. Backups would not be missed, making backups more reliable.

@ehuelsmann
Member

That would work. I have some servers set up with a cron job which does a pg_dump; it then uploads the result to a NextCloud server so the customer can download the backup; or they can just leave the backup there if they want and download the backup when they need it. If someone wants to know how the script works I can post it here (minus the passwords :-) )
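
An added illustration of the cron approach described in the comment above (not the script ehuelsmann refers to, and not LedgerSMB project code): a backup job that runs outside the web application, so the application server still holds no database password. It assumes the cron user authenticates to PostgreSQL by peer authentication and that a Nextcloud app password sits in a netrc file; the database name, paths and URL are placeholders.

```shell
#!/usr/bin/env bash
# Added example: scheduled company-database backup run from cron, outside
# the web application. Every name and path below is an assumption.
set -u
umask 077                                    # dump files readable by owner only

DB_NAME="${DB_NAME:-example_company}"        # hypothetical database name
BACKUP_DIR="${BACKUP_DIR:-/var/backups/ledgersmb}"
NETRC="${NETRC:-/etc/ledgersmb-backup/netrc}"    # holds the Nextcloud app password
DAV_URL="${DAV_URL:-https://cloud.example.com/remote.php/dav/files/backup/ledgersmb}"

# Build a timestamped file name; reject database names that could alter the path.
backup_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s-%s.dump\n' "$1" "$2"
}

# Succeed only if the credential file exists and grants nothing to group/other.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

run_backup() {
    local name out
    name=$(backup_name "$DB_NAME" "$(date -u +%Y%m%dT%H%M%SZ)") || {
        echo "refusing unsafe database name: $DB_NAME" >&2; return 1; }
    secret_file_ok "$NETRC" || {
        echo "$NETRC must exist with mode 0600 or stricter" >&2; return 1; }
    out="$BACKUP_DIR/$name"
    # No PGPASSWORD: relies on peer authentication over the local socket.
    pg_dump --format=custom --file="$out" "$DB_NAME" || return 1
    # Credentials are read from the netrc file, never from the command line.
    curl --fail --silent --show-error --netrc-file "$NETRC" \
         --upload-file "$out" "$DAV_URL/$name"
}

# Run only when asked, so the functions can be sourced and checked separately.
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```

pg_dump covers a single database; roles are cluster-wide and would need a separate `pg_dumpall --globals-only` run.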

@howardlowndes
Author

howardlowndes commented Jan 9, 2024 via email

@ledgersmb ledgersmb locked and limited conversation to collaborators Jan 14, 2024
@ehuelsmann ehuelsmann converted this issue into discussion #7926 Jan 14, 2024
