From:
Magnus Hagander <magnus(at)hagander(dot)net>
To:
Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc:
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:
Re: Streaming replication as a separate permissions
Date:
2011-01-03 11:00:24
Message-ID:
AANLkTikE6AzSntA-DNoVb59Wrh4Ny_pCLKsFeWma77=v@mail.gmail.com (view raw or flat )
Thread:
2010-12-23 09:53:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 15:15:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:49:45 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 15:54:41 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:57:23 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 19:59:02 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:34:33 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 20:35:15 from Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
2010-12-24 02:37:30 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 03:16:18 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 03:36:51 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 04:00:14 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 04:31:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 04:46:30 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-27 09:53:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:15:11 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:42:19 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-27 15:33:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 15:40:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:04:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:42:09 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 21:53:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-28 12:05:36 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 10:09:06 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 14:05:02 from Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>
2010-12-29 14:40:34 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 19:12:21 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 11:57:09 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-30 13:59:41 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 15:53:24 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:31 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-31 14:38:29 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 11:00:24 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 15:59:54 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 16:20:38 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2011-01-03 16:23:29 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 22:50:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 03:24:20 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-05 13:24:45 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 14:05:33 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-06 04:59:00 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2011-01-06 04:55:11 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-24 11:34:52 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-23 22:11:08 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:21:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:24:33 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:29:13 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:28 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-30 15:08:09 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 22:33:42 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:38:11 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:44:02 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:49:14 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:57:25 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 22:45:19 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:59:28 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-24 00:08:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 00:11:31 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 19:57:08 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:31:01 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 08:32:21 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 09:36:28 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 09:52:57 from Dave Page <dpage(at)pgadmin(dot)org>
2010-12-27 10:34:55 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 11:00:30 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:25:29 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:41:27 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:51:50 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:54:07 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 15:45:39 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 15:55:11 from Magnus Hagander <magnus(at)hagander(dot)net>
Lists:
pgsql-hackers
On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote:
>>> I've applied this version (with some minor typo-fixes).
>>
>> This page is now somewhat invalidated:
>>
>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html
>
> Hmm. Somehow I missed that page completely when looking through the
> docs. I'll go update that.
BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT?
And VALID UNTIL? They're all role attributes, no? At least the last
two certainly interact with the authentication system...
>> First, it doesn't mention the replication privilege, and second it
>> continues to claim that superuser status bypasses all permission checks.
>
> Well, that was *already* wrong.
>
> superuser doesn't bypass NOLOGIN.
>
> That doesn't mean it shouldn't be fixed, but that's independent of the
> replication role.
I've committed a fix for this.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
In response to
Responses
pgsql-hackers by date
Next :From: Simon RiggsDate: 2011-01-03 11:10:40Subject : Re: Sync Rep DesignPrevious :From : Greg SmithDate : 2011-01-03 10:35:40Subject : Re: Recovery conflict monitoring
