[pkg-bacula-devel] Bug#706362: [bacula-director-pgsql] upgrade scripts may not set permissions
Ross Boylan
ross at biostat.ucsf.edu
Sun Apr 28 21:30:38 UTC 2013
Package: bacula-director-pgsql
Version: 5.2.6+dfsg-8
Severity: normal
--- Please enter the report below this line. ---
This was a non-standard useage for debian, since I reached inside some of the
package management scripts, but I thought I'd report it just in case.
The tables added by the scripts in /usr/share/dbconfig-common/data/bacula-director-pgsql/upgrade/pgsql/
do not set the ownership or permissions for tables they create. As a result, after
running 3.0.0, 5.0.0 and 5.2.0 in succession on a database restored from 2.4 backup, I see
bacula=# \dp
Access privileges
Schema | Name | Type | Access privileges | Column access privileges
--------+-----------------------------------+----------+-----------------------+--------------------------
public | basefiles | table | bacula=arwdDxt/bacula |
public | basefiles_baseid_seq | sequence | bacula=rw/bacula |
public | cdimages | table | bacula=arwdDxt/bacula |
public | client | table | bacula=arwdDxt/bacula |
public | client_clientid_seq | sequence | bacula=rw/bacula |
public | counters | table | bacula=arwdDxt/bacula |
public | device | table | bacula=arwdDxt/bacula |
public | device_deviceid_seq | sequence | bacula=rw/bacula |
public | file | table | bacula=arwdDxt/bacula |
public | file_fileid_seq | sequence | bacula=rw/bacula |
public | filename | table | bacula=arwdDxt/bacula |
public | filename_filenameid_seq | sequence | bacula=rw/bacula |
public | fileset | table | bacula=arwdDxt/bacula |
public | fileset_filesetid_seq | sequence | bacula=rw/bacula |
public | job | table | bacula=arwdDxt/bacula |
public | job_jobid_seq | sequence | bacula=rw/bacula |
public | jobhisto | table | |
public | jobmedia | table | bacula=arwdDxt/bacula |
public | jobmedia_jobmediaid_seq | sequence | bacula=rw/bacula |
public | location | table | bacula=arwdDxt/bacula |
public | location_locationid_seq | sequence | bacula=rw/bacula |
public | locationlog | table | bacula=arwdDxt/bacula |
public | locationlog_loclogid_seq | sequence | bacula=rw/bacula |
public | log | table | bacula=arwdDxt/bacula |
public | log_logid_seq | sequence | bacula=rw/bacula |
public | media | table | bacula=arwdDxt/bacula |
public | media_mediaid_seq | sequence | bacula=rw/bacula |
public | mediatype | table | bacula=arwdDxt/bacula |
public | mediatype_mediatypeid_seq | sequence | bacula=rw/bacula |
public | path | table | bacula=arwdDxt/bacula |
public | path_pathid_seq | sequence | bacula=rw/bacula |
public | pathhierarchy | table | |
public | pathvisibility | table | |
public | pool | table | bacula=arwdDxt/bacula |
public | pool_poolid_seq | sequence | bacula=rw/bacula |
public | restoreobject | table | |
public | restoreobject_restoreobjectid_seq | sequence | |
public | status | table | bacula=arwdDxt/bacula |
public | storage | table | bacula=arwdDxt/bacula |
public | storage_storageid_seq | sequence | bacula=rw/bacula |
public | unsavedfiles | table | bacula=arwdDxt/bacula |
public | version | table | bacula=arwdDxt/bacula |
(42 rows)
Spot checking shows the entries with blanks in the access privileges were created
by the scripts.
I run the scripts by su to postgresql, launching emacs, and using sql-postgres mode
to connect to the bacula db. I used \i to include the scripts.
I initially attempted to run as user bacula, but the scripts gave permission
errors when I did so.
It's possible something else in the dbconfig or bacula package infrastructure
ordinarily cleans this up. Even if they do, it would be nice if this useage
worked.
I am assuming the permissions should be set the same for all the files and
indices (separately for each) and will attempt to do that manually.
I was also a little surprised that user bacula was not able to perform
the necessary operations.
--- System information. ---
Architecture: amd64
Kernel: Linux 3.2.0-4-amd64
Debian Release: 7.0
500 testing www.deb-multimedia.org
500 testing security.debian.org
500 testing ftp.us.debian.org
--- Package information. ---
Depends (Version) | Installed
============================================-+-==================
bacula-director-common (= 5.2.6+dfsg-8) | 5.2.6+dfsg-8
bacula-common-pgsql (>= 5.2.6+dfsg-8) | 5.2.6+dfsg-8
dbconfig-common | 1.8.47+nmu1
postgresql-client (>= 7.4) | 9.1+134wheezy3
ucf | 3.0025+nmu3
bacula-common | 5.2.6+dfsg-8
libc6 (>= 2.3.4) | 2.13-38
libcap2 (>= 2.10) | 1:2.22-1.2
libgcc1 (>= 1:4.1.1) | 1:4.7.2-5
libpython2.7 (>= 2.7) | 2.7.3-6
libssl1.0.0 (>= 1.0.0) | 1.0.1e-2
libstdc++6 (>= 4.1.1) | 4.7.2-5
libwrap0 (>= 7.6-4~) | 7.6.q-24
zlib1g (>= 1:1.1.4) | 1:1.2.7.dfsg-13
debconf (>= 0.5) | 1.5.49
OR debconf-2.0 |
Recommends (Version) | Installed
=========================-+-===========
postgresql (>= 7.4) | 9.1+134wheezy3
Suggests (Version) | Installed
=================================-+-===========
gawk |
postgresql-contrib |
postgresql-doc | 9.1+134wheezy3
More information about the pkg-bacula-devel
mailing list