| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com> |
| Cc: | Satoshi Nagayasu <snaga(at)uptime(dot)jp>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>, Michael Paquier <mpaquier(at)vmware(dot)com> |
| Subject: | Re: pg_rewind in contrib |
| Date: | 2015-01-13 22:07:47 |
| Message-ID: | 54B59733.2010200@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
There are two ways in which access control for replication connections
is separate:
- replication pseudo-database in pg_hba.conf
- replication role attribute
If someone has a restrictive setup for replication and pg_basebackup,
and then pg_rewind enters, they will have to
- add a line to pg_hba.conf to allow non-replication access
- connect as superuser
The first is an inconvenience, although it might be useful for this and
other reasons to have a variant of "all" includes "replication".
The second, however, is a problem, because you have to change from a
restricted, quasi-ready-only user to full superuser access.
One way to address that might be if we added backend functions that are
variants of pg_ls_dir() and pg_stat_file() that are accessible only with
the replication attribute. Or we allow calling pg_ls_dir() and
pg_stat_file() with relative paths with the replication attribute.
(While we're at it, add a recursive variant of pg_ls_dir().) Or some
variant of that.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2015-01-13 22:29:51 | hung backends stuck in spinlock heavy endless loop |
| Previous Message | Peter Eisentraut | 2015-01-13 21:41:32 | Re: pg_basebackup fails with long tablespace paths |