The document discusses PostgreSQL storage architecture, authentication, permissions, and commands. It provides details on: - The PostgreSQL data directory structure and how tables and indexes are stored as separate files across multiple file segments. - Authentication configuration using pg_hba.conf for host-based authentication and pg_ident.conf for user identification mapping. Authentication methods include trust, reject, ident, password, md5, and pam. - SQL commands for managing users, databases, tables, permissions, and database maintenance like vacuuming and reindexing. - Backup methods including SQL dumps, file system backups, and continuous archiving.

1. PostgreSQL Unleashed Marian Marinov Head of System Operations at Siteground.com

2. What is this talk about Storage Architecture

3. Authentication

4. Commands

5. Writing Functions

6. Storage Architecture

7. File system structure Default directory /var/lib/pgsql/data (PGDATA) / |- postgresql.conf |- pg_hba.conf |- pg_ident.conf |- postmaster.opts |- postmaster.pid |- PG_VERSION |- base per-database subdirectories |- global cluster-wide tables, such as pg_database |- pg_clog transaction commit status data |- pg_multixact multitransaction status data |- pg_stat_tmp temporary files for the statistics subsystem |- pg_subtrans subtransaction status data |- pg_tblspc symbolic links to tablespaces |- pg_twophase state files for prepared transactions |- pg_xlog WAL (Write Ahead Log) files

8. File system structure Directory representation: base -\ |- 1 |- 11510 |- 11511 |- 16384 \- 24576 template1=# SELECT datname,datlastsysoid FROM pg_database ; datname | datlastsysoid -----------------+--------------- template1 | 11510 template0 | 11510 postgres | 11510 os | 11510 (5 rows)

9. File system structure Directory representation: base -\ |- 11510 -\ | |- 24765 os# SELECT relname,relfilenode,reltablespace FROM pg_class WHERE relfilenode=24765; Relname | relfilenode | reltablespace -------------+----------------+--------------- disk_io | 24765 | 0 (1 row)

10. File system structure Table and Indexes are stored in separate files Tables bigger then 1GB are split into different files: filenode.1, filenode.2, ..., filenode.N The 1GB limit can be changed during build using –with-segsize configure option.

11. DataBase Design DBNAME SCHME OBJECTS(table/view/sequence/domain) database -\ |- public |- scheme1 -\ | |- table1 | |- table2 | |- view1 | |- view2 | |- seq1 | \- seq2 \- scheme2

12. Authentication

13. Authentication pg_hba.conf – Host based authentication pg_ident.conf – Identification information Authentication methods: trust – anyone to any DB

14. reject – do not allow any connections (useful for filtering)

15. ident -use the system user name or what identd provided

16. password – use cleartext passwords

17. md5 – md5 encrypted passwords

18. pam – use the Password Authentication Mechanism system

19. Authentication pg_hba.conf: local database user auth-method [auth-options] host database user CIDR-address auth-method [auth-options] hostssl database user CIDR-address auth-method [auth-options] hostnossl database user CIDR-address auth-method [auth-options] host database user IP-address IP-mask auth-method [auth-options] hostssl database user IP-address IP-mask auth-method [auth-options] hostnossl database user IP-address IP-mask auth-method [auth-options]

20. Authentication pg_ident.conf: map-name system-username database-username example: # MAPNAME SYSTEM-USERNAME PG-USERNAME omicron bryanh bryanh omicron ann ann # bob has user name robert on these machines omicron robert bob # bryanh can also connect as guest1 omicron bryanh guest1

21. Permissions Every object has its own privileges: Database privileges