Home > mailing lists

Re: BUG #6264: Superuser does not have inherent Replication permission - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #6264: Superuser does not have inherent Replication permission
Date	October 27, 2011 18:19:01
Msg-id	2308.1319739533@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #6264: Superuser does not have inherent Replication permission (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-bugs

Tree view

Robert Haas <robertmhaas@gmail.com> writes:
> ...  If we do decide to change the
> behavior, we'd better carefully document that if you want to make
> someone a superuser without giving them replication privileges (or
> revoke their superuser status without revoking replication
> privileges), you need to specify both ALTER TABLE options.

You'd also have to be careful about processing-order dependencies;
consider
    ALTER USER joe NOREPLICATION SUPERUSER;
which would do the wrong thing with a naive implementation.

> All in all I'm somewhat inclined to think we should just patch the
> docs.  9.1 hasn't been out for very long, so maybe expectations aren't
> too settled yet, but changing security-critical behavior in back
> branches doesn't seem like a wonderful idea; and I think I mildly
> prefer the current semantics to the proposed ones.

+1

            regards, tom lane

pgsql-bugs by date:

From: Robert Haas
Date: 27 October 2011, 17:45:42
Subject: Re: BUG #6264: Superuser does not have inherent Replication permission

From: Gavin Flower
Date: 27 October 2011, 19:17:53
Subject: Re: Add statistics_collector_listen_addresses to fix hard-coding of "localhost"

Re: BUG #6264: Superuser does not have inherent Replication permission - Mailing list pgsql-bugs

Previous

Next