| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Date: | 2021-11-08 17:33:25 |
| Message-ID: | 20211108173325.6ury6xflvxq7yqbn@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 2021-11-08 12:23:18 -0500, Stephen Frost wrote:
> If we're actually worried about catalog corruption (and, frankly, I've
> got some serious doubts that jumping in and running CHECKPOINT; by hand
> is a great idea if there's such active corruption)
I've been there when recovering from corruption.
> though I continue to feel like the function based approach is better.
I think it's a somewhat ugly hack.
> then we must use such an approach no matter how we allow non-superusers to
> run the command because any approach to that necessarily involves some
> amount of catalog access.
As long as there's no additional catalog access when the user is known to be a
superuser, then I think it's fine. There's a difference between doing one
pg_authid read for superuser - with a fallback to automatically assuming a
user if one couldn't be found - and doing a full pg_proc read with several
subsidiary pg_type reads etc.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2021-11-08 17:39:33 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Previous Message | Stephen Frost | 2021-11-08 17:32:38 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |