[check_postgres] Super user role
David Christensen
david at endpoint.com
Mon Oct 19 14:56:10 UTC 2020
Hi Norman,
You can check HEAD on the repo (or just retrieve from here):
https://raw.githubusercontent.com/bucardo/check_postgres/master/check_postgres.pl
Best,
David
--
David Christensen
Senior Software and Database Engineer
End Point Corporation
david at endpoint.com
785-727-1171
> On Oct 19, 2020, at 9:19 AM, Norman Wong <Norman.Wong at cn.ca> wrote:
>
> Yes. I would be able to test in our environment.
>
>
> -----Original Message-----
> From: David Christensen <david at endpoint.com>
> Sent: Monday, October 19, 2020 10:05 AM
> To: Norman Wong <Norman.Wong at cn.ca>
> Cc: check_postgres at bucardo.org; Luc Galasso <Luc.Galasso at cn.ca>
> Subject: Re: [check_postgres] Super user role
>
>
> So after doing some research on this looks like 9.6 and up, but sounds like it will still work in your case. Would you be able to test a patch to check this support?
>
> Sent from my iPhone
>
>> On Oct 19, 2020, at 8:01 AM, Norman Wong <Norman.Wong at cn.ca> wrote:
>>
>> We are running only on supported versions of Postgresql Community edition (so 9.6+).
>>
>> I did a quick and dirty update to the perl code and hardcoded a 'SET ROLE' before each command. It works without problem. I am able to run all the checks requiring Super User access without a Altering the monitoring role.
>>
>> Thanks for you quick response.
>>
>> Norm
>>
>>
>> -----Original Message-----
>> From: David Christensen <david at endpoint.com>
>> Sent: Sunday, October 18, 2020 1:08 PM
>> To: Norman Wong <Norman.Wong at cn.ca>
>> Cc: check_postgres at bucardo.org
>> Subject: Re: [check_postgres] Super user role
>>
>> Hi Norman,
>>
>> You’re envisioning something which if set just does a `SET ROLE …` after making the connection but before running the individual checks? This does not seem like it would be very hard given a `psql` >= 9.5, as we could add the additional commands to the generated `psql` commands.
>>
>> Supporting versions earlier than this would be quite a bit harder.
>> Would that support your needs or do you have older databases than 9.5?
>> (If 9.5 is in fact the cutoff for support, I’m fine with adding new
>> features that would support all supported PostgreSQL versions.)
>>
>> Best,
>>
>> David
>> --
>> David Christensen
>> Senior Software and Database Engineer
>> End Point Corporation
>> david at endpoint.com
>> 785-727-1171
>>
>>
>>> On Oct 15, 2020, at 1:29 PM, Norman Wong <Norman.Wong at cn.ca> wrote:
>>>
>>> Thanks for producing this great module. I’d like to suggest a small addition.
>>>
>>> In our organization we do not grant superuser to any login roles. There is a group role with superuser authority. Superuser privilege cannot be inherited. The login roles in this group must explicitly set the role to the superuser group to elevate their privileges.
>>>
>>> There are a number of checks within check_postgres.pl that require superuser privilege. Would it be possible to have a parameter where we can pass the superuser group role (e.g. –role )?
>>>
>>> Thanks,
>>>
>>>
>>> Norman Wong, BMath, FLMI, RRCP Certified Specialist Database, IT
>>> Technology & Infrastructure for Db2, Postgresql, Hana DB, and Versant
>>> Management | Information Technology
>>> T: 514-399-7264 | C: 514-206-2258
>>> Celebrating 100 years | Célébrons nos 100 ans
>>>
>>>
>>> _______________________________________________
>>> Check_postgres mailing list
>>> Check_postgres at bucardo.org
>>> https://bucardo.org/mailman/listinfo/check_postgres
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://bucardo.org/pipermail/check_postgres/attachments/20201019/1ac10801/attachment.sig>
More information about the Check_postgres
mailing list