Re: About a recently-added permission-related error message

On Mon, 20 Mar 2023 17:05:41 +0900 (JST)
Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote:

> I found an error message added by de4d456b406bf502341ef526710d3f764b41e2c8.
>
> When I incorrectly configured the primary_conninfo with the wrong
> user, I received the following message on the server logs of both
> servers involved in a physical replcation set.
>
> [27022:walsender] FATAL: permission denied to start WAL sender
> [27022:walsender] DETAIL: Only roles with the REPLICATION attribute may start a WAL sender process.
>
> I'm not sure if adding the user name in the log prefix is a common
> practice, but without it, the log line might not have enough
> information. Unlike other permission-related messages, this message is
> not the something human operators receive in response to their
> actions. It seems similar to connection authorization logs where the
> user name is important. So, I'd like to propose the following
> alternative.

I am not sure whether this change is necessary because the error message
will appear in the log of the standby server and users can easily know
the connection user just by checking primary_conninfo.

> [27022:walsender] DETAIL: The connection user "r1" requires the REPLICATION attribute.

However, if we need this change, how about using
"DETAIL: The connection user "r1" must have the REPLICATION attribute."
This pattern is used in other part like check_object_ownership() and
AlterRole(). The user name is not included there, though.

Regards,
Yugo Nagata

> What do you think about this change?
>
> regards.
>
> --
> Kyotaro Horiguchi
> NTT Open Source Software Center

--
Yugo NAGATA <nagata(at)sraoss(dot)co(dot)jp>