How to configure Barman to run as a different user

Gabriele Bartolini

Barman has been packaged to run as the barman system user. However, it can run as a different user. In this article we describe how to run Barman on a dedicated server using a different user, namely postgres.

The recommended method to install Barman is through the provided and certified Deb/RPM packages available from the public 2ndQuadrant repository.

2ndQuadrant has designed those packages to install a system user called barman, with /var/lib/barman as its home directory.

The package also manages the maintenance cron task (in /etc/cron.d/barman) and the logrotate configuration (in /etc/logrotate.d/barman), both designed to run as the barman user.

Having this in mind, setting up your dedicated Barman server to run as a different user is a straightforward process. In this article we describe the process from scratch, immediately after having installed the barman package on the system. We are going to use the postgres user, but you can choose a different one.

IMPORTANT: Do not install Barman on the same server where PostgreSQL is installed. For more information on the reasons behind this choice, please read the related articles listed at the end of this document.

Create the system user

If the postgres user already exists, you can skip this step. Please make sure the user is configured as a system user.

To create the postgres system user and group, run:

adduser -r -U postgres

This will set /home/postgres as the home directory. If you want to use /var/lib/pgsql as the home directory instead, create the user with this command:

adduser -r -U -d /var/lib/pgsql postgres

Create the Barman directory

In this example, we set /srv/barman as the main directory for Barman (this could also be a separate volume):

mkdir /srv/barman
# A directory needs the execute bit to be entered; 770 keeps "others" out
chmod 770 /srv/barman
chown postgres:postgres /srv/barman

Change system settings

The package configures Barman in the standard /etc directory. We need to modify those configuration files to use postgres.

As a first step, please set the user postgres (instead of barman) in the cron file:

vi /etc/cron.d/barman

Then, change the user to postgres (instead of barman) for logrotate:

vi /etc/logrotate.d/barman

Finally, set the ownership of the log directory:

chown -R postgres:postgres /var/log/barman/

Change Barman configuration

It is now time to edit the main Barman configuration file (/etc/barman.conf) and set:

barman_user = postgres
barman_home = /srv/barman
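
The steps above touch several files, and a leftover reference to barman in any of them breaks maintenance or log rotation. The following audit function is an added example, not part of Barman or of the original article; check_barman_user and make_sample_tree are hypothetical names, and it assumes GNU stat and the "create MODE OWNER GROUP" form in the logrotate file.

```shell
#!/bin/sh
# Usage: check_barman_user ROOT USER   (ROOT is "" on a live host)
check_barman_user() {
    root=${1%/}; user=$2; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }
    owned() {  # owned DIR: DIR exists and belongs to $user
        [ "$(stat -c %U "$1" 2>/dev/null)" = "$user" ] || fail "$1 not owned by $user"
    }

    # /etc/cron.d entries name the account in field 6 (skip comments, VAR=value)
    awk -v u="$user" '/^[ \t]*(#|$)/ || /^[A-Za-z_]+[ \t]*=/ {next}
        $6 != u {bad=1} END {exit bad}' "$root/etc/cron.d/barman" ||
        fail "cron.d/barman has a job not running as $user"

    # logrotate must recreate the log file as the new user
    awk -v u="$user" '$1 == "create" && NF == 4 && $3 != u {bad=1}
        $1 == "su" && $2 != u {bad=1} END {exit bad}' "$root/etc/logrotate.d/barman" ||
        fail "logrotate.d/barman still names another user"

    conf="$root/etc/barman.conf"
    get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" | tail -n 1; }
    [ "$(get barman_user)" = "$user" ] || fail "barman_user is not $user"

    home="$root$(get barman_home)"
    owned "$home"; owned "$root/var/log/barman"
    # Backups hold full database copies: owner needs rwx, others get nothing
    case "$(stat -c %a "$home" 2>/dev/null)" in
        *7[0-7]0) ;;
        *) fail "$home mode must be 7x0" ;;
    esac
    return "$rc"
}

# Constructed sample tree mirroring the files the article edits (for dry runs)
make_sample_tree() {
    mkdir -p "$1/etc/cron.d" "$1/etc/logrotate.d" "$1/var/log/barman" "$1/srv/barman"
    chmod 770 "$1/srv/barman"
    echo "* * * * * $2 [ -x /usr/bin/barman ] && /usr/bin/barman -q cron" > "$1/etc/cron.d/barman"
    printf '/var/log/barman/barman.log {\n    weekly\n    create 0640 %s %s\n}\n' "$2" "$2" \
        > "$1/etc/logrotate.d/barman"
    printf '[barman]\nbarman_user = %s\nbarman_home = /srv/barman\n' "$2" > "$1/etc/barman.conf"
}
```

On the Barman server, run check_barman_user "" postgres as root; a non-zero exit status means at least one of the files or directories still needs attention.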

WAL archiving

If you plan to use WAL archiving from PostgreSQL to Barman via archive_command, remember you need to properly set the destination user for SSH connections. If you use barman-wal-archive as recommended, please remember to use the -U option. For more details, type barman-wal-archive --help.

There's more

This is not the only way you can configure Barman to run with a different user. Barman was actually designed at the start to run with different users, each having their own configuration files (in ~/.barman.conf). However, the proposed approach is the simplest one and, most importantly, can be easily adopted in a configuration management tool.

Passwords to connect to the PostgreSQL server will reside in the ~postgres/.pgpass file. Keep that file at mode 0600, because libpq ignores a password file with looser permissions.

As a final note, do not forget to add the periodic cron job to start base backups. Normally, a weekly backup on Saturday at 4 AM for all PostgreSQL servers configured in the Barman instance, in sequence, is fine. For example, you can add this job to the postgres user's cron with crontab -e:

0 4 * * 6 [ -x /usr/bin/barman ] && /usr/bin/barman -q backup all
