We are using pg_dumpall to make backups of our psql database. We have user with superuser rights that runs pg_dumpall. Everything works fine.
The thing that in my opinin can be better is to limit that users rights (just in case). So, my question is - can we create some user without superuser rights but with the rigtes to use pg_dumpall corretly?
Dumping database roles and their passwords will be a problem anyway. You could create a role that has SELECT-permissions on all databases and system tables, but then you have the same security issues as you will have with a superuser: passwords (or hashes) and all data can be retrieved.
I would use a superuser for making backups, it's his job anyway.