| From: | Robert Treat <rob(at)xzilla(dot)net> |
|---|---|
| To: | ynux <ynux(at)gmx(dot)net> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: allow a user to see current_query in pg_stat_activity in 8.4 |
| Date: | 2012-12-26 17:27:14 |
| Message-ID: | CABV9wwPEy-n=Simudq6znqmEdy_APNZha1Q=yZfV0ejj2RjjCA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, Dec 21, 2012 at 8:12 AM, ynux <ynux(at)gmx(dot)net> wrote:
> Hi.
> Your question was:
>
>>> We want to create a role used by a monitor to check for "<IDLE> in
>>> Transaction" with the most restrictive permissions we can on a 8.4.13
>>> instance.
>>
>>> The user has been granted connect privilege to the database and some
>>> limited permissions to user tabhles that need to be monitored. But
>>> pg_stat_activity shows only "<insufficient privilege>"
>>
>
> I had the same problem, wondered how nagios does it, and found this:
> https://github.com/elecnix/nagios-postgresql/blob/master/pg_stat_activity.sql
>
> It works perfectly for me, on 8.4.12 though.
> Make sure to run it in the database your monitoring user connects to, and do
> not use template1. You may have to "create language plpgsql;" first.
>
Be aware this will actually allow everyone to see all queries in
pg_stat_activity, which might be a bit more than you want. I had an
old project that dealt with this a little more fine grained, you might
want to take a look at it:
https://github.com/xzilla/secure_check_postgres/tree/master/sql
It certainly needs updating for 9.2, but the concepts might still be useful.
Robert Treat
conjecture: xzilla.net
consulting: omniti.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kong Man | 2012-12-26 22:56:54 | Re: log_min_messages=debug5, despite an explicit setting to warning on postgresql.conf |
| Previous Message | Kevin Grittner | 2012-12-26 14:33:21 | Re: Regarding Migaration from Mysql procedures to Postgresql Functions |