| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2010-12-23 22:38:11 |
| Message-ID: | 4D13CF53.7030107@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 12/23/10 2:33 PM, Stephen Frost wrote:
> A better alternative, imv, would be to just have a & d, and mention in
> the release notes that users *should* create a dedicated replication
> role which is *not* a superuser but *does* have the replication grant,
> but if they don't want to change their existing configurations, they can
> just grant the replication privilege to whatever role they're currently
> using.
Well, if we really want people to change their behavior then we need to
make it easy for them:
1) have a replication permission
2) *by default* create a replication user with the replication
permission when we initdb.
3) have an example line for a replication connection by the replication
user in the default pg_hba.conf (commented out).
4) change all our docs and examples to use that replication user.
If using the replication user is easier than any other path, people
will. If it's harder, they won't.
--
-- Josh Berkus
PostgreSQL Experts Inc.
http://www.pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-12-23 22:44:02 | Re: Streaming replication as a separate permissions |
| Previous Message | Stephen Frost | 2010-12-23 22:33:42 | Re: Streaming replication as a separate permissions |