Re: How to restore roles without changing postgres password
Adrian Klaver <adrian.klaver@aklaver.com>
From: Adrian Klaver <adrian.klaver@aklaver.com>
To: Andrus <kobruleht2@hot.ee>, Justin <zzzzz.graf@gmail.com>,
pgsql-general@postgresql.org
Date: 2020-02-12T16:39:27Z
Lists: pgsql-general, pgsql-docs
On 2/11/20 11:31 PM, Andrus wrote:
> Hi!
> Thank you.
> >pg_dumpall creates an SQL file which is just a simple text file
> >you can then edit sql removing postgres user from the file
> >This can be automated in a script that searches the generated sql file
> for the postgres user replacing it with a blank/empty line or adds --
> to the bringing of >the line which comments it out.
> This script creates cluster copy in every night. So this should be done
> automatically.
> I have little experience with Linux.
> Can you provide example, how it should it be done using sed or other tool.
> There is also second user named dbandmin whose password cannot changed
> also.
> It would be best if CREATE ROLE and ALTER ROLE clauses for postgres
> and dbadmin users are removed for file.
Then we would get all sorts of posts about why they are not showing up
anymore. This suggestion is a non starter.
> Or if this is not reasonable, same passwords or different role names can
> used in both clusters.
They can be, you just have to track/manipulate that yourself. What it
comes down to is that the Postgres project is not the admin for
everyone's install.
> Also I dont understand why GRANTED BY clauses appear in file. This looks
> like noice.
> GRANT documentation
> https://www.postgresql.org/docs/current/sql-grant.html
> does not contain GRANTED BY clause. It looks like pg_dumpall generates
> undocumented clause.
It is not noise, see:
~/src/bin/pg_dump/pg_dumpall.cpg_dumpall.c
/*
* We don't track the grantor very carefully in the backend, so cope
* with the possibility that it has been dropped.
*/
if (!PQgetisnull(res, i, 3))
{
char *grantor = PQgetvalue(res, i, 3);
fprintf(OPF, " GRANTED BY %s", fmtId(grantor));
}
fprintf(OPF, ";\n");
> Andrus.
--
Adrian Klaver
adrian.klaver@aklaver.com
Commits
-
Doc: fix old oversights in GRANT/REVOKE documentation.
- dce988145f7e 13.0 landed
- a56c495873c8 10.13 landed
- 804a650e4b0c 9.6.18 landed
- 736ba917f484 11.8 landed
- 2efefd28add2 12.3 landed
- 2b9d4ec1d3c0 9.5.22 landed