Backup of Roles produces an error

[howardlowndes]

Version

1.11.7

What browsers are you seeing the problem on?

This problem isn't browser related

What happened?

Clean, fresh install with no accounts and only 1 user role. Managed to do a Backup DB to browser OK Trying to execute Backup Roles threw error:

error running pg_dumpall command; (command: 'pg_dumpall' '-g' '-f' '/tmp/bclbk7iaZK'): exited with code 1 at lib/LedgerSMB/Scripts/setup.pm line 445.

What should have happened?

A backup of the Roles to the browser should have occurred,

[ehuelsmann]

Are you logged into setup.pl with a superuser (e.g. 'postgres') or another user (maybe a database owner)?

[howardlowndes]

lsmb_dbadmin

On Sun, 7 Jan 2024, 23:02 Erik Huelsmann, @.***> wrote:

Are you logged into setup.pl with a superuser (e.g. 'postgres') or another user (maybe a database owner)?

— Reply to this email directly, view it on GitHub https://github.com/ledgersmb/LedgerSMB/issues/7909#issuecomment-1880038743, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMS2F7U7D227L2U7OSLM6ITYNKFELAVCNFSM6AAAAABBP5NPJ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBQGAZTQNZUGM . You are receiving this because you authored the thread.Message ID: @.***>

[ehuelsmann]

Assuming "lsmb_admin" isn't a superuser, could you try with "postgres" and report back?

[howardlowndes]

Away from KB for a few hours

[howardlowndes]

setup.pl will not allow me to login as postgres - blocked by pq_hba.conf

local   all             postgres                                peer
local   all             all                                     peer
host    all             postgres    127.0.0.1/32            reject
host    all             postgres    ::1/128                 reject
host    postgres,template0,template1   lsmb_dbadmin         127.0.0.1/32    scram-sha-256 
host    postgres,template0,template1   lsmb_dbadmin         ::1/128     scram-sha-256 
host    postgres,template0,template1   all          127.0.0.1/32     reject
host    postgres,template0,template1   all          ::1/128      reject
host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             ::1/128                 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

[howardlowndes]

The problem might be around here 444 if ($request->{backup} eq 'roles') { 445 $backupfile = $database->backup_globals; 446 $backuptype = 'roles'; 447 $mimetype = 'text/x-sql'; 448 }

[ehuelsmann]

The problem is that on the one hand non-superusers aren't allowed to access global resources (and thus roles) and on the other hand the 'postgres' user isn't allowed to use IP-connections to the database server as per the pg_hba.conf (to any database), which is what the "backup_globals" uses internally.

You can create another super-user (createuser -s <your-new-user>) and use that to create the backups and the role dump. The reason to want to block the "postgres" user is that using this user is insecure because every postgresql installation comes with this user, leaving only the password to be guessed to attackers. This is much more insecure than being required to guess the username and the password. Especially when both are generated with a random password generator (I tend to use pwgen -s -1 X to generate random user names -- with a sufficiently big number for X).

[howardlowndes]

So, what you are saying, if I read you correctly, is, the button is there but it deliberately doesn't work. So, why is it there? I Know that in an earlier version - 1.10 - it worked for me.

On Tue, 9 Jan 2024 at 07:49, Erik Huelsmann @.***> wrote:

The problem is that on the one hand non-superusers aren't allowed to access global resources (and thus roles) and on the other hand the 'postgres' user isn't allowed to use IP-connections to the database server as per the pg_hba.conf (to any database), which is what the "backup_globals" uses internally.

You can create another super-user (createuser -s ) and use that to create the backups and the role dump. The reason to want to block the "postgres" user is that using this user is insecure because every postgresql installation comes with this user, leaving only the password to be guessed to attackers. This is much more insecure than being required to guess the username and the password. Especially when both are generated with a random password generator (I tend to use pwgen -s -1 X to generate random user names -- with a sufficiently big number for X).

— Reply to this email directly, view it on GitHub https://github.com/ledgersmb/LedgerSMB/issues/7909#issuecomment-1881798563, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMS2F7Q7BFDAHNN2CLVH3KDYNRLVTAVCNFSM6AAAAABBP5NPJ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBRG44TQNJWGM . You are receiving this because you authored the thread.Message ID: @.***>

-- Howard. -- When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft.

[ehuelsmann]

The button is there and it works, if the user has sufficient access rights. However, the front-end has insufficient knowledge of the user's rights to know it won't work. So "deliberately doesn't work" is an overstatement. We'll need to check if we can enhance the documentation in this respect.

Nothing changed with respect to the functioning of that button between 1.10 and 1.11.

[einhverfr]

We could check for superuser permissions and disable the button if they don;t have it.

[github-actions[bot]]

Closing: more than 90 days without user response. Feel free to reopen with your comments.