Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Streaming replication as a separate permissions
Msg-id 23446.1293117321@sss.pgh.pa.us
In response to Streaming replication as a separate permissions  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Streaming replication as a separate permissions  (Robert Haas <robertmhaas@gmail.com>)
Re: Streaming replication as a separate permissions  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes:
> Here's a patch that changes walsender to require a special privilege
> for replication instead of relying on superuser permissions. We
> discussed this back before 9.0 was finalized, but IIRC we ran out of
> time. The motivation being that you really want to use superuser as
> little as possible - and since being a replication slave is a read
> only role, it shouldn't require the maximum permission available in
> the system.

Maybe it needn't require "max" permissions, but one of the motivations
for requiring superuserness was to prevent Joe User from sucking every
last byte of data out of your database (and into someplace he could
examine it at leisure).  This patch opens that barn door wide, because
so far as I can see, it allows anybody at all to grant the replication
privilege ... or revoke it, thereby breaking your replication setup.
I think only superusers should be allowed to change the flag.
        regards, tom lane

