pg_integrity_check
pg_integrity_check — calculate and validate checksums for controlled files (certified edition only)
Synopsis
pg_integrity_check
[connection-option
...] [ -s | --system ] [ -u | --user ] [ -c | --catalog ] [ -o | --output ] [ -l filename
| --log=filename
] [ --syslog ] [ -D datadir
] [ -C filename
] [ -v | --verbose ] [ -? | --help ]
Description
pg_integrity_check
is a utility provided with Postgres Pro Standard that can calculate and validate checksums for the objects you would like to control. When running pg_integrity_check
, you must specify at least one of the options that define the type of the controlled objects: -s
, -u
, or -c
for read-only files, additional files, or system catalog tables, respectively.
If you use the -o
option, pg_integrity_check
calculates checksums and writes them into configuration files under the share/security/
directory. You must have write access to the corresponding files to perform this command. You cannot use the -o
option together with the -s
option, since a checksum for read-only files cannot be overwritten.
If you omit the -o
option, pg_integrity_check
compares the calculated checksums with the corresponding checksums in the configuration files. If the checksums differ for any of the controlled objects, pg_integrity_check
displays a message indicating the difference.
For details on using pg_integrity_check
, see Section 31.2.
Options
connection-options
Standard options for connecting to a database:
-d
,-h
,-p
,-U
. You must specify-d
and-U
options when validating checksums for catalog tables with the-c
option. For detailed description of connection options, see psql.-s
--system
Validate checksums for read-only files. Checksums for read-only files control both file contents and file attributes.
-u
--user
Validate checksums for additional files. Checksums for additional files control both file contents and file attributes.
-c
--catalog
Validate checksums for system catalog tables. For the
-c
option to work correctly, you must also specify connection parameters for the database. The database server must be started and accept connections.-o
--output
Recalculate checksums and write it into a file.
-l
filename
--log=
filename
Write checksum validation results into a log file.
--syslog
Write checksum validation results into the syslog.
-D
datadir
Data directory of the database cluster. This option is required to define the filenames for the generated configuration files when using
-u
option.-C
filename
The absolute path to the configuration file used for integrity checks of system catalog tables of the selected database. If used with the
-o
option,pg_integrity_check
writes into the specified file. If no other option is used,pg_integrity_check
checks data against the specified file.-v
--verbose
Print debugging information.
-?
--help
Print command-line help.
Return Values
0 — checksums are calculated or validated successfully.
1 — an error occurred during the initial checksum calculation for read-only files.
2 — checksum validation revealed changes in one or more of the controlled objects.
3 — an unexpected error occurred during checksum validation.
Examples
Compute checksums for additional files and write them into the share/security/_var_lib_pgpro_std-16_data.user.conf
configuration file:
pg_integrity_check -u -o -D /var/lib/pgpro/std-16/data
Check integrity of all controlled objects in the postgres
database on behalf of the postgres
user:
pg_integrity_check -s -u -c -D /var/lib/pgpro/std-16/data -d postgres -h localhost -p 5432 -U postgres