Re: How to implement backup protocol

From: Ragnar <gnari(at)hive(dot)is>
To: Andrus <eetasoft(at)online(dot)ee>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: How to implement backup protocol
Date: 2006-11-28 20:12:14
Message-ID: 1164744734.27070.187.camel@localhost.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On þri, 2006-11-28 at 19:23 +0200, Andrus wrote:
> Richard,
>
> I really do'nt want to open separate port for backup only.
> Pelase, can you recomment a solution which uses port 5432 owned by Postgres

I do not want to advice you to do things that might be
counter your company's security policies, but you
could set up a portforwarder on your database machine to
pass incoming port 5432 requests from the backup machine
to sshd, but let all other source ips go to postgres

alternatively, if you have control of cron, and if
the firewall restrictons are for incoming only, and
if you have open ssh port on some other machine, such
as the backupserver, you can have cron do the compressed
backup, and send it via scp to the backupserver.

> How to force postmaster to run the tool which system provides when it
> receives backup request instead of postgres child process ?

if you cannot control cron, but the firewall restrictions are only for
incoming requests, you might try using some
untrusted procedural language to start a backup script
locally, that finishes by copying the compressed backup
to the backupserver.

whatever you choose to do, you should still get
permission to do it. security admins are not amused
when users use tricks to get around restrictons.

maybe they would consider opening the ssh port if
you make it clear that they may restrict it to
requests from the backup machine?

gnari

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Martijn van Oosterhout 2006-11-28 20:14:22 Re: backend crash following load command
Previous Message Tony Caduto 2006-11-28 20:10:17 Re: Only MONO/WinForms is a way to go