Skip site navigation (1) Skip section navigation (2)

Re: Streaming replication as a separate permissions

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2010-12-27 09:53:22
Message-ID: AANLkTimj0b--wyMX4x6UhRTOc39mOZEXZgbFdiF+1nNa@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Fri, Dec 24, 2010 at 05:46, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> I think I agree with Florian about the confusing-ness of the proposed
>> semantics.  Aren't you saying you want NOLOGIN mean "not allowed to
>> log in for the purposes of issuing SQL commands, but allowed to log in
>> for replication"?  Uggh.
>
> I like the general idea of a replication-only "role" or "login".  Maybe
> implementing that as a role w/ all the things that come along with it
> being a role isn't right, but we don't want to have to reinvent all the
> supported auth mechanisms (and please don't propose limiting the auth
> options for the replication login!).  Is there a way we can leverage the
> auth mechanisms, etc, while forcing the 'replication role' to only be
> able to do what a 'replication role' should do?

We could quite easily make a replication role *never* be able to
connect to a non-walsender backend. That would mean that if you set
your role to WITH REPLICATION, it can *only* be used for replication
and nothing else (well, you could still SET ROLE to it, but given that
it's not a superuser (anymore), that doesn't have any security
implications. Though we could perhaps restrict that as well in the SET
ROLE processing code).

This requires there to be a separate user for replication in all cases
- which isn't a bad thing IMHO. And it also doesn't "abuse"/confuse
the NOLOGIN attribute.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgsql-hackers by date

Next:From: Simon RiggsDate: 2010-12-27 10:34:55
Subject: Re: Streaming replication as a separate permissions
Previous:From: Dave PageDate: 2010-12-27 09:52:57
Subject: Re: Streaming replication as a separate permissions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group