Re: Streaming replication as a separate permissions

On Mon, 2010-12-27 at 14:41 +0100, Magnus Hagander wrote:
> >> >
> >> > Where does pg_start_backup()/stop fit?
> >>
> >> Good question :)
> >>
> >> Given that the integrated-base-backup would call it for you, that one
> >> would definitely get it automatically.
> >>
> >> Given that the latest discissions seem to have most people wanting the
> >> replication role *not* to be allowed to log in and run general SQL, we
> >> should not drive the start/stop backup permissions from that
> >> privilege.
> >
> > So what your suggesting would actually defeat the purpose of having the
> > new privilege. Unless we trust in a new, untried method. Hmmm.
>
> No, it doesn't.
>
> In my experience, most DBAs will connect with their DBA account
> (usually the superuser, yes..) to run pg_start_backup() and
> pg_stop_backup(). That's no reason to let the slave sever run with
> superuser privileges all the time...

Remember the standby's superuser id is exactly the same as the main
server's superuserid. So unless you are going to stop the standby from
knowing its own superusers there's no huge benefit there. Is that what
you mean to do?

> That said, I agree that the we shouldn't *prevent* the DBA from
> setting up an account that is both superuser and replicator - just
> that we shouldn't do it by default.

--
Simon Riggs http://www.2ndQuadrant.com/books/
PostgreSQL Development, 24x7 Support, Training and Services