Re: How to restore roles without changing postgres password

Adrian Klaver <adrian.klaver@aklaver.com>

From: Adrian Klaver <adrian.klaver@aklaver.com>
To: Andrus <kobruleht2@hot.ee>, Justin <zzzzz.graf@gmail.com>, pgsql-general@postgresql.org
Date: 2020-02-12T16:39:27Z
Lists: pgsql-general, pgsql-docs
On 2/11/20 11:31 PM, Andrus wrote:
> Hi!
> Thank you.
>  >pg_dumpall creates an SQL file which is just a simple text file
>  >you can then edit sql removing postgres user from  the file
>  >This can be automated in a script that searches the generated sql file 
> for the postgres user  replacing it with a blank/empty line or adds -- 
> to the bringing of >the line which comments it out.
> This script creates cluster copy in every night. So this should be done 
> automatically.
> I have little experience with Linux.
> Can you provide example, how it should it be done using sed or other tool.
> There is also second user named dbandmin whose password  cannot changed 
> also.
> It would be best if  CREATE ROLE and ALTER ROLE  clauses for postgres 
> and dbadmin users are removed for file.

Then we would get all sorts of posts about why they are not showing up 
anymore. This suggestion is a non starter.

> Or if this is not reasonable, same passwords or different role names can 
> used in both clusters.

They can be, you just have to track/manipulate that yourself. What it 
comes down to is that the Postgres project is not the admin for 
everyone's install.

> Also I dont understand why GRANTED BY clauses appear in file. This looks 
> like noice.
> GRANT documentation
> https://www.postgresql.org/docs/current/sql-grant.html
> does not contain GRANTED BY clause. It looks like pg_dumpall generates 
> undocumented clause.

It is not noise, see:

~/src/bin/pg_dump/pg_dumpall.cpg_dumpall.c

/*
* We don't track the grantor very carefully in the backend, so cope
* with the possibility that it has been dropped.
*/
                 if (!PQgetisnull(res, i, 3))
                 {
                         char       *grantor = PQgetvalue(res, i, 3);

                         fprintf(OPF, " GRANTED BY %s", fmtId(grantor));
                 }
                 fprintf(OPF, ";\n");


> Andrus.


-- 
Adrian Klaver
adrian.klaver@aklaver.com



Commits

  1. Doc: fix old oversights in GRANT/REVOKE documentation.