BUG #16795: Can't give "grant execute on pg_start_backup to .." - Mailing list pgsql-bugs
| From | PG Bug reporting form |
|---|---|
| Subject | BUG #16795: Can't give "grant execute on pg_start_backup to .." |
| Date | |
| Msg-id | 16795-0d02ad33c474bfbe@postgresql.org Whole thread Raw |
| Responses |
Re: BUG #16795: Can't give "grant execute on pg_start_backup to .."
|
| List | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 16795
Logged by: Ken
Email address: ken.karma@gmail.com
PostgreSQL version: 13.1
Operating system: CentOS Linux release 7.9.2009
Description:
I'm want to make backup user who haven't SUPERUSER, but have "Replication"
role what must be enough, in document:
25.3.3.1. Making a Non-Exclusive Low-Level Backup
A non-exclusive low level backup is one that allows other concurrent backups
to be running (both those started using the same backup API and those
started using pg_basebackup).
Ensure that WAL archiving is enabled and working.
Connect to the server (it does not matter which database) as a user with
rights to run pg_start_backup (superuser, or a user who has been granted
EXECUTE on the function) and issue the command:
SELECT pg_start_backup('label', false, false);
But I can't give this grant:
psql -U postgres
psql (13.1)
Type "help" for help.
postgres=# create role backup replication login;
CREATE ROLE
postgres=# grant pg_read_all_settings to backup ;
GRANT ROLE
postgres=# grant SELECT on pg_start_backup to backup ;
ERROR: relation "pg_start_backup" does not exist
postgres=# grant EXECUTE on pg_catalog.pg_start_backup to backup ;
ERROR: relation "pg_catalog.pg_start_backup" does not exist
postgres=# grant SELECT on pg_catalog.pg_start_backup to backup ;
ERROR: relation "pg_catalog.pg_start_backup" does not exist
postgres=# select pg_start_backup('Daily backup');
pg_start_backup
-----------------
0/10000028
(1 row)
postgres=# \df pg_start_backup ;
List of functions
Schema | Name | Result data type |
Argument data types | Type
------------+-----------------+------------------+------------------------------------------------------------------------+------
pg_catalog | pg_start_backup | pg_lsn | label text, fast boolean
DEFAULT false, exclusive boolean DEFAULT true | func
(1 row)
[root@host.test.mta ~]# psql -U backup postgres
psql (13.1)
Type "help" for help.
postgres=> select pg_start_backup('Daily backup');
ERROR: permission denied for function pg_start_backup
postgres=> \du+
List of roles
Role name | Attributes |
Member of | Description
-----------+------------------------------------------------------------+------------------------+-------------
backup | Replication |
{pg_read_all_settings} |
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
|
In PostrgreSQL log:
2020-12-28 19:20:07.696 EET postgres postgres [10076]ERROR: relation
"pg_catalog.pg_start_backup" does not exist
2020-12-28 19:20:07.696 EET postgres postgres [10076]STATEMENT: grant
EXECUTE on pg_catalog.pg_start_backup to backup ;
2020-12-28 19:21:48.853 EET postgres postgres [10076]ERROR: relation
"pg_catalog.pg_start_backup" does not exist
2020-12-28 19:21:48.853 EET postgres postgres [10076]STATEMENT: grant
SELECT on pg_catalog.pg_start_backup to backup ;
2020-12-28 20:18:30.281 EET postgres backup [12482]ERROR: permission denied
for function pg_start_backup
2020-12-28 20:18:30.281 EET postgres backup [12482]STATEMENT: select
pg_start_backup('Daily backup');
Do I miss something, why can't I give execute on pg_start_backup to user
backup?
pgsql-bugs by date: