Stephen Frost wrote: > * Craig Ringer (craig@2ndquadrant.com) wrote: > > It also means that monitoring tools must run as superuser to see > > information they require, which to me is a total showstopper. > > We've already got *far* too much of that going on for my taste. I'd > love to see a comprehensive solution to this problem which allows > monitoring systems to run w/o superuser privileges.
Yeah, we need a CAP_MONITOR capability thingy. (CAP_BACKUP would be great too -- essentially "read only but read everything")
Isn't CAP_BACKUP pretty much the REPLICATION privilege?
