Unable to dump PostgreSQL database with password-protected user #454
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#454
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
Use borgmatic to back up a postgresql database with a postgres account secured with a password for nextcloud backups.
Steps to reproduce (if a bug)
Actual behavior (if a bug)
Expected behavior (if a bug)
Borgmatic shouls successfully dump the postgresql database, because the password is being provided via the configuration file.
Other notes
The issue seems to lie in the
pg_dump
command being passed the--no-password
argument, despite the fact that there is a password defined in the configuration file.Environment
borgmatic version: 1.5.18
borgmatic installation method: Fedora package
Borg version: 1.1.17
Python version: 3.9.7
Database version (if applicable): Postgresql 13.4
operating system and version: Fedora Server 34
Thanks for filing such a thorough ticket! borgmatic actually passes the
--no-password
flag to PostgreSQL unconditionally, because it tells PostgreSQL commands not to prompt for a password—which would cause borgmatic to hang while it sits there waiting for the command to finish. borgmatic passes any configured password to PostgreSQL via an environment variable,PGPASSWORD
. (This environment variable doesn't show up in borgmatic's verbose output.)So having said all that, I'm not exactly sure why your authentication is failing. Assuming you've double checked the password, you could try running the exact
pg_dump
commands that borgmatic is running, first setting the password via environment variable. Example:If the command works, then there's something going wrong in borgmatic with the password. But if it doesn't work, then it's some other authentication issue with your PostgreSQL configuration.
Hope that helps!
So I tried running the pg_dump command in a root shell and I think there's a character in the password itself that needs to be escaped. I get a command not found error when bash apparently tries to run a chunk of my password as a command. Would that cause issues with borgmatic, or does borgmatic handle escaping? In the config I enclose the password in single quote marks.
Welp turns out I was wrong. I had the PostgreSQL user name wrong the whole time. Backup seems to be working just fine now. :|
Glad to hear that's all it was! We've all been there.
And to answer your question, borgmatic doesn't need to do any shell escaping on the password because it's passed as an environment variable and not on the command-line itself.