| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Streaming replication as a separate permissions |
| Date: | 2010-12-23 09:53:10 |
| Message-ID: | AANLkTimAFRqsaRkE5-D-7X1fxaoa+YHPdjewdpPht3GY@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here's a patch that changes walsender to require a special privilege
for replication instead of relying on superuser permissions. We
discussed this back before 9.0 was finalized, but IIRC we ran out of
time. The motivation being that you really want to use superuser as
little as possible - and since being a replication slave is a read
only role, it shouldn't require the maximum permission available in
the system.
Obviously the patch needs docs and some system views updates, which I
will add later. But I wanted to post what I have so far for a quick
review to confirm whether I'm on the right track or not... How it
works should be rather obvious - adds a "WITH
REPLICATION/NOREPLICATION" to the create and alter role commands, and
then check this when a connection attempts to start the walsender.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| Attachment | Content-Type | Size |
|---|---|---|
| repl_role.patch | text/x-patch | 12.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marti Raudsepp | 2010-12-23 11:16:51 | Re: pl/python improvements |
| Previous Message | Pavel Stehule | 2010-12-23 08:10:26 | recapitulation: FOREACH-IN-ARRAY |