Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Magnus Hagander
Subject Streaming replication as a separate permissions
Date
Msg-id AANLkTimAFRqsaRkE5-D-7X1fxaoa+YHPdjewdpPht3GY@mail.gmail.com
Whole thread Raw
Responses Re: Streaming replication as a separate permissions
Re: Streaming replication as a separate permissions
List pgsql-hackers
Here's a patch that changes walsender to require a special privilege
for replication instead of relying on superuser permissions. We
discussed this back before 9.0 was finalized, but IIRC we ran out of
time. The motivation being that you really want to use superuser as
little as possible - and since being a replication slave is a read
only role, it shouldn't require the maximum permission available in
the system.

Obviously the patch needs docs and some system views updates, which I
will add later. But I wanted to post what I have so far for a quick
review to confirm whether I'm on the right track or not... How it
works should be rather obvious - adds a "WITH
REPLICATION/NOREPLICATION" to the create and alter role commands, and
then check this when a connection attempts to start the walsender.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Attachment

pgsql-hackers by date:

Previous
From: Pavel Stehule
Date:
Subject: recapitulation: FOREACH-IN-ARRAY
Next
From: Marti Raudsepp
Date:
Subject: Re: pl/python improvements