Skip site navigation (1) Skip section navigation (2)

Streaming replication as a separate permissions

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Streaming replication as a separate permissions
Date: 2010-12-23 09:53:10
Message-ID: AANLkTimAFRqsaRkE5-D-7X1fxaoa+YHPdjewdpPht3GY@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Here's a patch that changes walsender to require a special privilege
for replication instead of relying on superuser permissions. We
discussed this back before 9.0 was finalized, but IIRC we ran out of
time. The motivation being that you really want to use superuser as
little as possible - and since being a replication slave is a read
only role, it shouldn't require the maximum permission available in
the system.

Obviously the patch needs docs and some system views updates, which I
will add later. But I wanted to post what I have so far for a quick
review to confirm whether I'm on the right track or not... How it
works should be rather obvious - adds a "WITH
REPLICATION/NOREPLICATION" to the create and alter role commands, and
then check this when a connection attempts to start the walsender.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Attachment: repl_role.patch
Description: text/x-patch (12.1 KB)

Responses

pgsql-hackers by date

Next:From: Marti RaudseppDate: 2010-12-23 11:16:51
Subject: Re: pl/python improvements
Previous:From: Pavel StehuleDate: 2010-12-23 08:10:26
Subject: recapitulation: FOREACH-IN-ARRAY

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group