Re: Unable to upload backups

From: Ron Ben <ronb910(at)walla(dot)co(dot)il>
To: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "<pgsql-general(at)postgresql(dot)org>" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Unable to upload backups
Date: 2017-04-19 13:49:00
Message-ID: ~00258F76ACC8C29740021BC@walla.co.il
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

<div><div dir="rtl"><div>
<div dir="rtl">
<div>I think I may have found the problem.</div>
<div>&nbsp;</div>
<div>The role defined as:</div>
<div>&nbsp;</div>
<div>CREATE ROLE "ronb" LOGIN<br>&nbsp; NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;<br>GRANT users TO "ronb";</div>
<div>GRANT users2 TO "ronb";</div>
<div>&nbsp;</div>
<div>users is a group role:</div>
<div>&nbsp;</div>
<div>CREATE ROLE users <br>&nbsp; SUPERUSER INHERIT CREATEDB CREATEROLE NOREPLICATION;</div>
<div>&nbsp;</div>
<div>&nbsp;users2 is a group role:</div>
<div>CREATE ROLE users2 <br>&nbsp; NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;</div>
<div>GRANT reports TO users2 ;</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>I think PostgreSQL doesn't know how to handle this conflicted commands.</div>
<div>What PostgreSQL does when such conflic appears? does it take the last known command of grant?</div>
</div>
<br>Sadly, when there are more than one role it's impossible to know which role was first. PostgreSQL shows them alphabeticly rather than by date so in case of overlaping instructions its impossible to know which one was first.</div></div><section class="cust_msg_end"></section><blockquote style="margin:0;margin-bottom:20px;border-top:1px solid #e0e0e0;"><br>ב אפר׳ 19, 2017 16:40, Adrian Klaver כתב:<blockquote style="margin:0;margin-bottom:20px;border-top:1px solid #e0e0e0">On 04/19/2017 03:56 AM, Ron Ben wrote:<br>&gt; Hi,<br>&gt; I'm using PostgreSQL 9.3.2<br>&gt; I'm running the command:<br>&gt;<br>&gt;<br>&gt; psql -h testserver -U ronb -f backup.sql -q -d foldertest 2&gt;error.txt<br>&gt;&gt;output.txt<br><br>What was the command that created backup.sql?<br><br>&gt;<br>&gt; This should generate my database in foldertest<br>&gt;<br>&gt; However this doesn't work. It's unable to create schemas<br>&gt;<br>&gt; in the error.txt i see "permission denied for database foldertest".<br><br>What user is the foldertest owner?<br><br>In psql l will tell you this.<br><br>&gt;<br>&gt; I know this is not an access permission issue because there is a public<br>&gt; schema which is buildin and it does create the tables/data in there.<br><br>Because the public schema is by default open to all:<br><br><a href="https://www.postgresql.org/docs/9.6/static/ddl-schemas.html">https://www.postgresql.org/docs/9.6/static/ddl-schemas.html</a><br><br>"A user can also be allowed to create objects in someone else's schema. <br>To allow that, the CREATE privilege on the schema needs to be granted. <br>Note that by default, everyone has CREATE and USAGE privileges on the <br>schema public. This allows all users that are able to connect to a given <br>database to create objects in its public schema. ... "<br><br><br>&gt;<br>&gt; It just cant create new schemas.<br><br>In psql do dn+, that will show schema owners and who else has privileges.<br><br>For what the different privileges are and how they are represented in <br>the above output see:<br><br><a href="https://www.postgresql.org/docs/9.6/static/sql-grant.html">https://www.postgresql.org/docs/9.6/static/sql-grant.html</a><br><br>&gt;<br>&gt;<br>&gt;<br>&gt; The intresting thing is that if I do:<br>&gt;<br>&gt; psql -h testserver -U postgres -f backup.sql -q -d foldertest<br>&gt; 2&gt;error.txt &gt;output.txt<br>&gt;<br>&gt;<br>&gt;<br>&gt; Everything works. It create all schemas and generate the database correctly.<br><br>Because the postgres user is a superuser and can do anything.<br><br>&gt;<br>&gt; I don't see any diffrent in the hba.conf between postgres and ronb users.<br><br>That is not the issue. pg_hba determines who can connect, what you are <br>seeing is the Postgres privilege system determining what a user can do <br>once they are connected. If it had been a pg_hba rejection you would <br>have seen something like:<br><br>aklaver(at)tito:~&gt; psql -d production -U guest -h localhost<br>psql: FATAL: no pg_hba.conf entry for host "::1", user "guest", <br>database "production", SSL on<br>FATAL: no pg_hba.conf entry for host "::1", user "guest", database <br>"production", SSL off<br><br><br>To get an overview of what users there are in your database cluster in <br>psql do du<br><br><br>&gt;<br>&gt; What can be the problem?<br>&gt;<br><br><br>-- <br>Adrian Klaver<br>adrian(dot)klaver(at)aklaver(dot)com<br><br><br>-- <br>Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)<br>To make changes to your subscription:<br><a href="http://www.postgresql.org/mailpref/pgsql-general">http://www.postgresql.org/mailpref/pgsql-general</a><br><br><br></blockquote></blockquote><br></div>

Attachment Content-Type Size
unknown_filename text/html 4.5 KB

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2017-04-19 13:49:07 Re: tuple statistics update
Previous Message Adrian Klaver 2017-04-19 13:39:42 Re: Unable to upload backups