#94 Make config files owned by "barman:barman" instead of root

Milestone: 2.x
Status: open
Owner: nobody
Labels: None
Updated: 2021-11-26
Created: 2018-06-27
Creator: Greg Clough
Private: No

A default install of Barman on CentOS v7 gives config files that are root owned:

/etc/barman.conf
/etc/barman.d (and all files inside)

Should these not be owned by "barman:barman", so that configuration of backups can be done without having to be root?


Discussion

  • Gunnar

    Gunnar - 2021-11-25

    +1 to making barman non-root-able

     
  • Gunnar

    Gunnar - 2021-11-25

    this issue might be obsolete: I just learned from this ticket that you can point barman to any config file with a simple -c option like barman -c /path/to/barman.conf

     

    Last edit: Gunnar 2021-11-25
  • Greg Clough

    Greg Clough - 2021-11-25

    @Gunnar, even if you can specify a local config, shouldn't the default configs be owned by barman:barman instead of root? As it stands, we need to give root or sudo vi /etc/barman.conf priv to the DBAs, when all they should need is sudo su - barman to do everything they need.

    Right?

     
  • Gunnar

    Gunnar - 2021-11-25

    hm, my working hypothesis for now would be that as long as the barman user can find and access a valid barman.conf she should be happy with that and operate. The default /etc/barman/barman.conf can be owned by whomever as it never plays any role on such a system I would say.

    If you are lazy enough you create an alias for the barman user like alias barman='barman -c /path/to/barman.conf' naturally

    I am happy to accept any explanation on what may be wrong with this understanding if it was wrong though.

    In an ideal world the installation script setup.py run with the --user flag would set this up by itself (I can't say whether it works that way or not yet)

     
    • Gabriele Bartolini

      I am happy to explain the reasons why we chose root:root permissions for
      the system wide configuration.

      There is already a way to easily override that: by default, the file in the
      HOME directory of Barman has a higher priority (~barman/.barman.conf).

      See:
      https://docs.pgbarman.org/release/2.15/barman.5.html#configuration-file-locations

      As a result I am not a fan of changing the default permissions of the
      system wide configuration - my devops side of the brain tells me that that
      folder should be managed by configuration managers with proper change
      management policies.

      Anyway, my 2 cents.

      Ciao,
      Gabriele

      On Thu, 25 Nov 2021 at 15:58, Gunnar dulhaver@users.sourceforge.net wrote:

      hm, my working hypothesis for now would be that as long as the barman user
      can find and access a valid barman.conf she should be happy with that and
      operate. The default /etc/barman/barman.conf can be owned by whomever as
      it never plays any role on such a system I would say.

      If you are lazy enough you create an alias for the barman user like alias
      barman='barman -c /path/to/barman.conf' naturally

      I am happy to accept any explanation on what may be wrong with this
      understanding if it was wrong though.

      In an ideal world the installation script setup.py run with the --user
      flag would set this up by itself (I can't say whether it works that way or
      not yet)



  • Gunnar

    Gunnar - 2021-11-26

    thx for clarifying. Especially as it also contains confirmation that it is possible (and how) to run barman without root privileges (as per i.e. this thread).

    Also, obviously all the aliasing (as mentioned above) becomes obsolete this way.

     

    Last edit: Gunnar 2021-11-26
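
The arrangement discussed in this thread (root-owned system-wide config, optional override in the barman user's home) can be checked on a host with a short script. This is an added example, not part of the ticket or of Barman itself. Assumptions: the candidate order is ~/.barman.conf first, as stated above, followed by the two /etc paths named on this page (confirm against the linked documentation); the function names and the ROOT_PREFIX argument are hypothetical helpers.

```sh
#!/bin/sh
# Added example: which config file would be picked up, who owns it,
# and can anyone other than its owner modify it?

# effective_conf HOME_DIR [ROOT_PREFIX]
# Prints the first readable candidate and returns 0, or returns 1 if none.
# ROOT_PREFIX (hypothetical) points at a scratch tree instead of the real /.
effective_conf() {
    for _f in "$1/.barman.conf" \
              "${2:-}/etc/barman.conf" \
              "${2:-}/etc/barman/barman.conf"; do
        if [ -r "$_f" ]; then
            printf '%s\n' "$_f"
            return 0
        fi
    done
    return 1
}

# conf_owner FILE: prints "user:group" as reported by ls.
conf_owner() { ls -ld -- "$1" | awk '{ print $3 ":" $4 }'; }

# writable_by_others FILE
# Returns 0 when group or other holds write permission on FILE, meaning
# backup configuration can be changed by someone besides the owner.
writable_by_others() {
    _perms=$(ls -ld -- "$1" | cut -c1-10)
    case $_perms in
        ?????w*|????????w*) return 0 ;;   # column 6 = group w, column 9 = other w
        *) return 1 ;;
    esac
}

# Demonstration on a constructed scratch tree, so it runs offline.
demo() {
    _t=$(mktemp -d) || return 1
    mkdir -p "$_t/home/barman" "$_t/etc"
    echo '[barman]' > "$_t/etc/barman.conf"; chmod 644 "$_t/etc/barman.conf"
    echo "system only  : $(effective_conf "$_t/home/barman" "$_t")"
    echo '[barman]' > "$_t/home/barman/.barman.conf"
    chmod 664 "$_t/home/barman/.barman.conf"
    _c=$(effective_conf "$_t/home/barman" "$_t")
    echo "with override: $_c (owner $(conf_owner "$_c"))"
    writable_by_others "$_c" && echo "WARNING: $_c is group/other writable"
    rm -rf "$_t"
}
demo
```

On a real host, call effective_conf with the barman user's home directory and no second argument, then pass the result to conf_owner and writable_by_others.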
