Re: Allow pg_dumpall to work without pg_authid

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Robins Tharakan <tharakan@gmail.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2017-02-28T16:12:35Z
Lists: pgsql-hackers
Robert,

* Robert Haas (robertmhaas@gmail.com) wrote:
> On Sun, Feb 19, 2017 at 12:24 AM, Robins Tharakan <tharakan@gmail.com> wrote:
> > I would like to work on a patch to accommodate restricted environments (such
> > as AWS RDS Postgres) which don't allow pg_authid access since their
> > definition of Superuser is just a regular user with extra permissions.
> >
> > Would you consider a patch to add a flag to work around this restriction,
> > Or, do you prefer that this be maintained outside core?
> 
> I am a little surprised that this patch has gotten such a good
> reception.  We haven't in the past been all that willing to accept
> core changes for the benefit of forks of PostgreSQL; extensions, sure,
> but forks?  Maybe we should take the view that Amazon has broken this
> and Amazon ought to fix it, rather than making it our job to (try to)
> work around their bugs.

I suspect it's gotten a reasonably good reception because it's about
making it possible to do more things as a non-superuser, which is
something that we've got a number of different people working on
currently, with two interesting patches from Dave geared towards doing
that for monitoring.  I have no doubt that there will be other users of
this, which means that it isn't "for the benefit of forks" but for users
of core too.

> On the other hand, maybe that approach is narrow-minded.

I agree that we shouldn't be accepting changes into core which are only
applicable and helpful for forks of PG.

Thanks!

Stephen

Commits

  1. Fix dumping role comments when using --no-role-passwords