Re: Streaming replication as a separate permissions
| От | Magnus Hagander |
|---|---|
| Тема | Re: Streaming replication as a separate permissions |
| Дата | |
| Msg-id | AANLkTikeBeVkg-BHhX-bhU3mGD0MBGHhX8qNBeZb43ms@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Streaming replication as a separate permissions (Simon Riggs <simon@2ndQuadrant.com>) |
| Ответы |
Re: Streaming replication as a separate permissions
|
| Список | pgsql-hackers |
On Mon, Dec 27, 2010 at 14:25, Simon Riggs <simon@2ndquadrant.com> wrote: > On Mon, 2010-12-27 at 12:00 +0100, Magnus Hagander wrote: >> On Mon, Dec 27, 2010 at 11:34, Simon Riggs <simon@2ndquadrant.com> wrote: >> > On Mon, 2010-12-27 at 10:36 +0100, Magnus Hagander wrote: >> >> > Is backup part of this new privilege, or not? >> >> >> >> The "integrated base backup", once we have that, that's based on the >> >> walsender protocol? yes. >> >> pg_dump style backups? No. >> > >> > Where does pg_start_backup()/stop fit? >> >> Good question :) >> >> Given that the integrated-base-backup would call it for you, that one >> would definitely get it automatically. >> >> Given that the latest discissions seem to have most people wanting the >> replication role *not* to be allowed to log in and run general SQL, we >> should not drive the start/stop backup permissions from that >> privilege. > > So what your suggesting would actually defeat the purpose of having the > new privilege. Unless we trust in a new, untried method. Hmmm. No, it doesn't. In my experience, most DBAs will connect with their DBA account (usually the superuser, yes..) to run pg_start_backup() and pg_stop_backup(). That's no reason to let the slave sever run with superuser privileges all the time... That said, I agree that the we shouldn't *prevent* the DBA from setting up an account that is both superuser and replicator - just that we shouldn't do it by default. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: