| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2011-01-03 11:00:24 |
| Message-ID: | AANLkTikE6AzSntA-DNoVb59Wrh4Ny_pCLKsFeWma77=v@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote:
>>> I've applied this version (with some minor typo-fixes).
>>
>> This page is now somewhat invalidated:
>>
>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html
>
> Hmm. Somehow I missed that page completely when looking through the
> docs. I'll go update that.
BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT?
And VALID UNTIL? They're all role attributes, no? At least the last
two certainly interact with the authentication system...
>> First, it doesn't mention the replication privilege, and second it
>> continues to claim that superuser status bypasses all permission checks.
>
> Well, that was *already* wrong.
>
> superuser doesn't bypass NOLOGIN.
>
> That doesn't mean it shouldn't be fixed, but that's independent of the
> replication role.
I've committed a fix for this.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2011-01-03 11:10:40 | Re: Sync Rep Design |
| Previous Message | Greg Smith | 2011-01-03 10:35:40 | Re: Recovery conflict monitoring |