pgbackman icon indicating copy to clipboard operation
pgbackman copied to clipboard

Published 20 hours ago verified publisher icon rafaelma

Can not write to /etc/cron.d

Open yerrysherry opened this issue 7 years ago • 4 comments

Hallo,

After changing the backup directory to /export (update_pgsql_node_config) and restarting the daemons, pgbackman refused to create the con file. I think, he tries to create it with his user name instead of root.

2017-12-17 22:06:19,180 [pgbackman_control][22294][INFO]: UID: 999 abd GID: 999 defined for the directory /export/pgsql_node_3/log 2017-12-17 22:06:19,187 [pgbackman_control][22294][ERROR]: Problems creating/updating the crontab file: /etc/cron.d/pgsql_node_3 - [Errno 13] Permission denied: u'/etc/cron.d/pgsql_node_3' 2017-12-17 22:06:19,200 [pgbackman_control][22294][ERROR]: Problems creating/updating the crontab file: /etc/cron.d/pgsql_node_3 - [Errno 13] Permission denied: u'/etc/cron.d/pgsql_node_3'

Regards, Gerrit

yerrysherry avatar Dec 17 '17 22:12 yerrysherry

Hallo,

root@pgbackman:/etc/cron.d# cd /etc root@pgbackman:/etc# chmod 777 cron.d root@pgbackman:/etc# cd /etc/cron.d root@pgbackman:/etc/cron.d# ls mdadm pgsql_node_1 pgsql_node_3 popularity-contest sysstat root@pgbackman:/etc/cron.d# ls -l total 20 -rw-r--r-- 1 root root 589 Jul 16 2014 mdadm -rw-r--r-- 1 root root 573 Dec 17 17:05 pgsql_node_1 -rw-r--r-- 1 pgbackman pgbackman 819 Dec 17 22:23 pgsql_node_3 -rw-r--r-- 1 root root 190 Dec 12 14:23 popularity-contest -rw-r--r-- 1 root root 396 Jan 27 2016 sysstat

Regards, Gerrit

yerrysherry avatar Dec 17 '17 22:12 yerrysherry

Hello, using "chmod 777 /etc/cron. d" is a bad idea: Any user of the server can create a job under any user. Maybe an "interim" solution would be to change the group?

chown root:pgbackman /etc/cron.d chmod 774 /etc/cron.d

It's not perfect, but it seems less permissive to me. Yours sincerely,

ng-pe avatar Dec 20 '17 14:12 ng-pe

Indeed, but the owner and group of the scripts in /etc/cron.d must be root for executing the scripts. If not the scripts fail to execute. The problem is that the daemon runs as pgbackman and when he wants to write in /etc/cron.d, the daemon must have root permissions to do it.

yerrysherry avatar Dec 21 '17 21:12 yerrysherry

Hello, thank you for your feedback.

This is a bug in the systemd configuration files used by pgbackman. They define user and group as pgbackman and they should be root. As ng-pe says, it is not a good idea to use chmod 777 on /etc/cron.d

This is an error in the test procedure that we will try to improve. regards, Rafael Martinez Guerrero

rafaelma avatar Dec 30 '17 04:12 rafaelma