PostgreQSL pg_dump with specific user - postgresql

I am writing a backup script for a PostgreSQL database. I want to execute the script by a cron job.
First I created a system user "backup"
In psql I executed the following statements:
CREATE USER backup;
GRANT CONNECT ON DATABASE confluence TO backup;
GRANT USAGE ON SCHEMA public TO backup;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO backup;
First of all was there any fatal error in above statements or is there a serious security issue?
Is it right that the user backup is a read-only user? That was what I read in a tutorial but to be honest I have no idea what SCHEMA / schemes are...
When executing pg_dump as user backup I get the following:
pg_dump: [archiver (db)] query failed: ERROR: permission denied for relation EVENTS
pg_dump: [archiver (db)] query was: LOCK TABLE public."EVENTS" IN ACCESS SHARE MODE
As I am a absolute noob to databases I want to ask you before I add more and more statements without knowing what I do...
I am running psql (PostgreSQL) 10.5 on Ubuntu 10.5-0ubuntu0.18.04

Related

Dump broken Postgres database

I have database, it's work, but has some problems. I need to migrate database to new Version Postgres, so when I try to make dump with pg_dump or pg_dumpall I got somethink like this:
pg_dump: [archiver (db)] query failed: ERROR: unexpected chunk number 2 (expected 0) for toast value 78482 in pg_toast_2618
pg_dump: [archiver (db)] query was: SELECT pg_catalog.pg_get_viewdef('78478'::pg_catalog.oid) AS viewdef
But, if I make dump only one separate table it works.
I want to make dump by piecemeal. I already got structure of all tables, script for create actual indexes. When I made pg_dumpall of other normal database, I saw in dump-file something like:
ALTER TABLE ONLY schema_name.table_name ALTER COLUMN id_column SET DEFAULT nextval('sequence_name'::regclass);
I need write script which set sequence for each table, where I can to see matching between sequences and tables?
Someone has expirience in such migration? Which problems waits me later? There are special instruments for migration database postgres? Any diferent solutions?

AWS RDS Postgres error while taking the dump

When I try to take PostgresDump (AWS RDS) the following error I am getting:
ERROR: permission denied for relation dms_stats_detailed
pg_dump: error: query was: LOCK TABLE table_name IN ACCESS SHARE MODE
I am having admin permission though (with Master User).
You need to run pg_dump with a database user (the -U option) that has permission to read the tables you are dumping.

postgres: error: db doesnt exist ( psql create user case senstivity issue)

I have this database triviaDB that i am connecting to from a flask-sqlalchemy 'postgresql://devuser:devpass#localhost:5432/triviaDB'however it's giving me a programing error psycopg2: auth not allowed.
so i use the following commands in psql to try and give devuser authorization on this database but here is the problem
when i run GRANT ALL PRIVILEGES ON DATABASE triviaDB to devuser; iget this error:
ERROR: database "triviadb" does not exist
when i quote the db name GRANT ALL PRIVILEGES ON DATABASE 'triviaDB' TO devuser; i get this :
ERROR: syntax error at or near "'triviaDB'"
If the DB name was created with upper cases, you need to use double quotes:
GRANT ALL PRIVILEGES ON DATABASE "triviaDB" to devuser;

How do I dump a Google Cloud SQL for PostgreSQL DB to import back into a regular PostgreSQL DB?

I am trying to export my data from a Google Cloud SQL (PostgreSQL) instance in order to import it into a regular Postgres DB using pg_dump and pg_restore:
pg_dump -h sql_proxy -F t --no-owner --no-acl > backup.tar
pg_restore backup.tar -c
However, when running pg_restore I get these errors:
pg_restore: [archiver (db)] Error while PROCESSING TOC: pg_restore:
[archiver (db)] Error from TOC entry 197; 1259 17010 TABLE xxx
postgres pg_restore: [archiver (db)] could not execute query: ERROR:
role "postgres" does not exist
Command was: ALTER TABLE public.xxx OWNER TO postgres;
pg_restore: [archiver (db)] Error from TOC entry 198; 1259 17017 TABLE
xxy postgres pg_restore: [archiver (db)] could not execute query:
ERROR: role "postgres" does not exist
Command was: ALTER TABLE public.xxy OWNER TO postgres;
...
I tried a few variations of flags with no luck. I found many articles on how to migrate the other way around (from PostgreSQL to Google Cloud SQL for PostgreSQL) and the Google Cloud docs only describe how to export data to be imported into a Cloud SQL DB again.
I would appreciate any help on how to avoid the errors above and how to migrate the DB with as little changes as possible.
You need to have the roles that are referenced already pre-created in the instance where you want to import the dump.
There are two ways to achieve that:
use pg_dumpall instead of pg_dump or
pg_dumpall --globals-only and then restore that dump (this will create the roles among other things)

PostgreSQL database dump: makes it sense to grant all privileges on user backup?

I want to make a database backup of a postgresql database.
I did this on my existing database:
sudo -u postgres psql oder psql -U postgres
CREATE USER backup;
ALTER USER backup WITH PASSWORD 'new_password';
GRANT CONNECT ON DATABASE confluence TO backup;
GRANT CONNECT ON DATABASE taiga TO backup;
GRANT USAGE ON SCHEMA public TO backup;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO backup;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT ON TABLES TO backup;
If I run pg_dump -Fc confluence > dumpfile I get
pg_dump: [archiver (db)] query failed: ERROR: permission denied for relation EVENTS
pg_dump: [archiver (db)] query was: LOCK TABLE public."EVENTS" IN ACCESS SHARE MODE
In Permission denied for relation I read that this would help:
GRANT ALL PRIVILEGES ON TABLE confluence TO backup;
I wonder if it is the rigth way to give all privileges to a backup user who shall not have the permissions to write the database. I want it to be a read only user.
Is this a nonsense requirement?
What do you suggest me to do instead?
In addition to grant CONNECT permission on the database and SELECT permission on all tables (in the public schema), you also need to grant select on all sequences (in the public schema).
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO <user>
to to summarize:
--Create user
CREATE USER backup;
ALTER USER backup WITH PASSWORD 'new_password';
--Grant read only privileges
GRANT CONNECT ON DATABASE <database> TO backup;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO backup;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO backup; -- new!
--Automatically grant read only privileges on new tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT ON TABLES TO backup;