Re: Help automate pg_dump - Mailing list pgsql-general

From Robert Treat
Subject Re: Help automate pg_dump
Date
Msg-id 1024408465.19351.59.camel@camel
Whole thread Raw
In response to Help automate pg_dump  (nothanks@nowhere.com)
List pgsql-general
Your best bet is probably some combination of the following:

run your backups from a different machine, setting that ip up with a
trusted connection in pg_hba.conf. (You might be able to do this locally
and force connection over a tcpip socket if you can be sure your users
can only use unix sockets, but it would be better to use a separate
machine) (see
http://www.postgresql.org/idocs/index.php?client-authentication.html#PG-HBA-CONF)

try using the ident authentication type in pg_hba.conf, which (iirc)
verifies the attempted postgres username as matching the unix user name
(unless your giving everyone access to the postgres unix user, which is
a bad idea(tm). (see
http://www.postgresql.org/idocs/index.php?auth-methods.html#AEN16445)

set the environment variable PGPASSWORD at the shell level. psql should
use this variable for any prompting done by the database, but be
forewarned that this method has its own security issues. (see
http://www.postgresql.org/idocs/index.php?libpq-envars.html)

create a "backups" user that only has read rights to the database and
use that user for the sole purpose of backups.
(http://www.postgresql.org/idocs/index.php?user-manag.html)

hope this helps,
Robert Treat

On Mon, 2002-06-17 at 22:01, nothanks@nowhere.com wrote:
> We just upgraded from 7.1.3 to 7.2.1 and are at a loss on how to
> script the pg_dump routine. We use this tool for backup, but can not
> get around the requirement for username/password to be interactive.
>
> We require login from the localhost, and can not revert to trusted
> connections.
>
> If the username/password must be interactive, how can I script backup
> of the server?
>
> Evan,
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly



pgsql-general by date:

Previous
From: Richard Huxton
Date:
Subject: Re: Monitoring postgres slowdowns
Next
From: Richard Huxton
Date:
Subject: Re: Stored Procedures for Shell Execution