DB Backup password?

voljka · October 10, 2019, 10:26am

Hello. When testing backup script as zamad user, backup failed because of unknown db password.
When running backup script as root, no problem.
I set debug=yes in config, and got this log from backup script (running as zamad user):

adapter=postgresql dbname=zammad dbuser=zammad dbpass=
timestamp is 20191010125739
backup dir is /var/tmp/zammad_backup
creating file backup…
creating postgresql backup…
Password:
su: Authentication failure
mv: cannot stat ‘/tmp/20191010125739_zammad_db.psql.gz’: No such file or directory
-# Zammad backuped successfully - Thu Oct 10 12:58:14 EEST 2019!

/opt/zammad/config/database.yml has no password.

My installation on Centos 7, installed from package, ver 3.1.x (upgraded via software update).

MrGeneration · October 10, 2019, 11:23am

We had this topic several times by now.
Please try to search a bit more.

I suspect that you’re running your backup as anyone else than root.
If so, the following applies to you: https://github.com/zammad/zammad/issues/2705

The default backup script does a simple change owner to pgsql and runs the backup as pgsql which has access rights on the Zammad-DB (based on sockets). postgresql is by default not using any password and uses socks authentication.

So in short: The method used to backup the database in the script requires rights to change the user to pgsql. This is normally nothing you want to allow to a normal user without authentication.

As workaround you simply change the backup function as implied on my Github post.
Please don’t forget, if you do, to copy the backup files away to ensure a backup doesn’t remove your changes.

voljka · October 10, 2019, 11:37am

Thanks a lot! So, in the end, i need to run backup cron task as root.
P.S. Before posting I RTFM. There is a NOTE, about running backups as zammad. And warning about problem with running backups as root: Backup permission issue: Could not change directory.
But correct answer for ready to use/packaged installation are not in Docs » Backup and Restore, but on GitHub.
I rest my case. ©

MrGeneration · October 10, 2019, 11:39am

Oh boy, I was a bit too harsh there, sorry.

I’ll add the second issue as remark to the documentation soon™ to make it clearer in the future!

voljka · October 10, 2019, 11:41am

It’s ok. But is it better to actually use db password in config file?

MrGeneration · October 10, 2019, 11:47am

I’d say yes and no.
It depends on your use case.

If you e.g. already have a postgresql host (or want to run services independed from each other), you need the password to tell Zammad where to find it’s database and how to authenticate.

In a normal use case I’d say the way it is (user based authentication) should be good enough.
Just my opinion though.

This will be adressed by this PR:

system · February 7, 2020, 11:54am

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.