Skip site navigation (1) Skip section navigation (2)

Re: Streaming replication as a separate permissions

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2010-12-30 15:08:09
Message-ID: AANLkTinp2zP6ARp_+Bd78fWRxXE4hxpOdcPsGKjb6=k8@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Thu, Dec 30, 2010 at 9:54 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On tor, 2010-12-23 at 17:29 -0500, Tom Lane wrote:
>> Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> > On 12/23/10 2:21 PM, Tom Lane wrote:
>> >> Well, that's one laudable goal here, but "secure by default" is another
>> >> one that ought to be taken into consideration.
>>
>> > I don't see how *not* granting the superuser replication permissions
>> > makes things more secure.  The superuser can grant replication
>> > permissions to itself, so why is suspending them by default beneficial?
>> >  I'm not following your logic here.
>>
>> Well, the reverse of that is just as true: if we ship it without
>> replication permissions on the postgres user, people can change that if
>> they'd rather not create a separate role for replication.  But I think
>> we should encourage people to NOT do it that way.  Setting it up that
>> way by default hardly encourages use of a more secure arrangement.
>
> I think this argument is a bit inconsistent in the extreme.  You might
> as well argue that a superuser shouldn't have any permissions by
> default, to discourage users from using it.  They can always grant
> permissions back to it.  I don't see why this particular one is so
> different.
>
> If we go down this road, we'll end up with a mess of permissions that a
> superuser has and doesn't have.

+1.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Alvaro HerreraDate: 2010-12-30 15:18:40
Subject: Re: SLRU API tweak
Previous:From: Peter EisentrautDate: 2010-12-30 14:54:31
Subject: Re: Streaming replication as a separate permissions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group