On Mon, Jan 4, 2016 at 12:55:16PM -0500, Stephen Frost wrote:
> I'd like to be able to include, in both of those, a simple set of
> instructions for granting the necessary rights to the user who is
> running those processes. A set of rights which an administrator can go
> look up and easily read and understand the result of those grants. For
> example:
>
...
> pgbackrest:
>
> To run pgbackrest as a non-superuser and not the 'postgres' system
> user, grant the pg_backup role to the backrest user and ensure the
> backrest system user has read access to the database files (eg: by
> having the system user be a member of the 'postgres' group): ------
Just to clarify, the 'postgres' OS user group cannot read the data
directory, e.g.
drwx------ 19 postgres staff 4096 Jan 17 12:19 data/ ^^^group
I assume we don't want to change that.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +