Postgres Bug #8545 pg_dump fails to dump database grants BY: LLOYD ALBIN 11/5/2013.


Performing backups

Most people use pg_dumpall to dump the server's global objects, such as roles and tablespaces, but no databases. Then they use pg_dump to back up each individual database in a compressed format and possibly multi-job. pg_dumpall does not do either of these. When upgrading to a new server, we noticed that some of our permissions did not transfer, and after looking into it we found that pg_dump fails to dump the database-level grants. I have tested and found this to be an issue with Postgres , 9.2.4, 9.3.0, & 9.3.1

Create a test database

The first thing we need to do is to create a test database for our example.

    createdb -h sqltest lloyd_test

    CREATE DATABASE lloyd_test WITH OWNER = postgres ENCODING = 'UTF8' TEMPLATE = template0;

Creating an extra user

Here are two different ways to add a second user to the server.

    createuser -h sqltest -e dw

    CREATE ROLE dw WITH LOGIN PASSWORD 'test';

Database Grant

This allows user/role dw to create new schemas within the lloyd_test database.

    GRANT CREATE ON DATABASE lloyd_test TO dw;

Backing up the Globals

This is the normal command that most people will use to back up their global information: ROLES, TABLESPACES, etc.

    pg_dumpall --globals-only -h sqltest > cluster.sql

Backing up the database

The deletion fails just as expected, due to the foreign key relationship.

    pg_dump -h sqltest -f lloyd_test.pgdump -Fc lloyd_test

Looking at the cluster

Here are the contents of the cluster.sql file. There are no database grants here, and we would not expect them here anyway because the database has not been created yet.

    psql -h sqltest -d lloyd_test_1 -f delete.sql

How to look at the pgdump file

Here are two ways to look at the contents of the compressed dump file format.

1) The directory/index list of the file.
2) Output the SQL into a file.

    pg_restore -l lloyd_test.pgdump
    pg_restore lloyd_test.pgdump > lloyd_test.sql

The List

Here is the list format of the pgdump file, and it does not show the database grant.

    ;
    ; Archive created at Mon Oct 14 12:08:
    ; dbname: lloyd_test
    ; TOC Entries: 8
    ; Compression: -1
    ; Dump Version:
    ; Format: CUSTOM
    ; Integer: 4 bytes
    ; Offset: 8 bytes
    ; Dumped from database version:
    ; Dumped by pg_dump version:
    ;
    ; Selected TOC Entries:
    ;
    2527; DATABASE - lloyd_test postgres
    5; SCHEMA - public postgres
    2528; 0 0 COMMENT - SCHEMA public postgres
    2529; 0 0 ACL - public postgres
    170; EXTENSION - plpgsql
    2530; 0 0 COMMENT - EXTENSION plpgsql

The SQL

Here is the SQL that would be run during a pg_restore process. I have removed some of the comments and blank lines so that the file easily fits on this slide. Please note that this does not show the database grant.

    -- PostgreSQL database dump
    SET statement_timeout = 0;
    SET client_encoding = 'UTF8';
    SET standard_conforming_strings = on;
    SET check_function_bodies = false;
    SET client_min_messages = warning;
    -- Name: plpgsql; Type: EXTENSION; Schema: -; Owner:
    CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
    -- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner:
    COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';
    -- Name: public; Type: ACL; Schema: -; Owner: postgres
    REVOKE ALL ON SCHEMA public FROM PUBLIC;
    REVOKE ALL ON SCHEMA public FROM postgres;
    GRANT ALL ON SCHEMA public TO postgres;
    GRANT ALL ON SCHEMA public TO PUBLIC;
    -- PostgreSQL database dump complete

Response about the issue

On :17, wrote:

> Most people I know, including myself, use pg_dumpall -g to dump out the globals such as user accounts and then use pg_dump -Fc or -Fd to dump out their databases in the compressed formats. When doing this method the database level grants have been missed, although if people used the pg_dumpall to dump the entire server they will be dumped, but not in a compressed format that they can use with pg_restore's multi-job.

Lloyd, this is not a bug. pg_dump doesn't dump global objects such as databases, roles and tablespaces. Hence grants are not presented in your dump. If you want global objects use pg_dumpall.

--
Euler Taveira
Timbira - PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

My response to them

Euler,

Basically pg_dump is to dump everything about a database, and since the grant is on the database itself, it should be part of the database dump, especially since it is not a global value across databases like roles and tablespaces.

But let's go with your theory that it is a global object that pg_dumpall should dump. Well, it does not dump it when you dump the globals via pg_dumpall via the -g, because pg_dumpall does not consider databases and their objects to be global objects; see the pg_dumpall docs. In fact there is no dump flag to get this information dumped so that it can be recreated on a new server or an upgraded server.

This is the true bug that I am showing: that the backup methods that most people use will not back up this database object, and they will lose these permissions when upgrading servers unless they manually document and execute the changes that they need to make.

Lloyd

Silence
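
One way to capture the database-level grants that neither `pg_dumpall --globals-only` nor `pg_dump -Fc` records, as an added example that is not part of the original presentation: it turns the `datacl` column of `pg_database` into replayable SQL. The `psql` query in the comment, the `reports` database and the `etl` role are assumptions constructed for illustration, and role names are assumed to contain only letters, digits and underscores.

```python
# Added example: rebuild database-level GRANTs from pg_database.datacl.
# Input lines are what
#   psql -At -c "SELECT datname, datacl FROM pg_database WHERE datallowconn"
# prints. SAMPLE is constructed for illustration, not captured from a server.
import re

# Privilege letters that can appear in a database ACL.
DB_PRIVS = {"C": "CREATE", "c": "CONNECT", "T": "TEMPORARY"}

SAMPLE = """\
postgres|
lloyd_test|{=Tc/postgres,postgres=CTc/postgres,dw=C/postgres}
reports|{postgres=CTc/postgres,etl=c*/postgres}
"""

def quote_ident(name):
    """Always double-quote an identifier so case and keywords survive."""
    return '"' + name.replace('"', '""') + '"'

def parse_aclitem(item):
    """Split 'grantee=privs/grantor' into (grantee, [(privilege, grant_option)]).

    An empty grantee means PUBLIC; '*' after a letter means WITH GRANT OPTION.
    """
    grantee, rest = item.split("=", 1)
    letters = rest.split("/", 1)[0]
    privs = [(DB_PRIVS[ch], star == "*")
             for ch, star in re.findall(r"([A-Za-z])(\*?)", letters)]
    return grantee, privs

def database_grants(psql_output):
    """Return the SQL that recreates every non-default database ACL."""
    sql = []
    for line in psql_output.splitlines():
        datname, _, datacl = line.rpartition("|")
        if not datacl:  # NULL datacl: built-in defaults, nothing to restore
            continue
        db = quote_ident(datname)
        # Start from a clean slate so a revoked PUBLIC CONNECT stays revoked.
        sql.append(f"REVOKE ALL ON DATABASE {db} FROM PUBLIC;")
        for item in datacl.strip("{}").split(","):
            grantee, privs = parse_aclitem(item)
            who = quote_ident(grantee) if grantee else "PUBLIC"
            for option in (False, True):
                names = [p for p, star in privs if star == option]
                if names:
                    tail = " WITH GRANT OPTION" if option else ""
                    sql.append(f"GRANT {', '.join(names)} ON DATABASE {db} TO {who}{tail};")
    return sql

if __name__ == "__main__":
    print("\n".join(database_grants(SAMPLE)))
```

Run the query on the old server and replay the generated statements on the new one after `cluster.sql` has created the roles and `pg_restore` has created the databases.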