Re: almost-super-user problems that we haven't fixed yet
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2023-01-19T16:40:53Z
Lists: pgsql-hackers
On Wed, Jan 18, 2023 at 4:14 PM Nathan Bossart <nathandbossart@gmail.com> wrote: > On Wed, Jan 18, 2023 at 02:51:38PM -0500, Robert Haas wrote: > > Should (nfree < SuperuserReservedBackends) be using <=, or am I confused? > > I believe < is correct. At this point, the new backend will have already > claimed a proc struct, so if the number of remaining free slots equals the > number of reserved slots, it is okay. OK. Might be worth a short comment. > > What's the deal with removing "and no new replication connections will > > be accepted" from the documentation? Is the existing documentation > > just wrong? If so, should we fix that first? And maybe delete > > "non-replication" from the error message that says "remaining > > connection slots are reserved for non-replication superuser > > connections"? It seems like right now the comments say that > > replication connections are a completely separate pool of connections, > > but the documentation and the error message make it sound otherwise. > > If that's true, then one of them is wrong, and I think it's the > > docs/error message. Or am I just misreading it? > > I think you are right. This seems to have been missed in ea92368. I moved > this part to a new patch that should probably be back-patched to v12. I'm inclined to commit it to master and not back-patch. It doesn't seem important enough to perturb translations. Tushar seems to have a point about pg_use_reserved_connections vs. pg_use_reserved_backends. I think we should standardize on the former, as backends is an internal term. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve several permission-related error messages.
- de4d456b406b 16.0 landed
-
Integrate superuser check into has_rolreplication()
- 442f8700656b 16.0 landed
-
Small code simplification
- 3b7cd8c690f2 16.0 landed
-
Adjust interaction of CREATEROLE with role properties.
- f1358ca52dd7 16.0 landed
-
Add new GUC reserved_connections.
- 6e2775e4d4e4 16.0 landed
-
Rename ReservedBackends variable to SuperuserReservedConnections.
- fe00fec1f5d7 16.0 landed
-
Update docs and error message for superuser_reserved_connections.
- 6c1d5ba48678 16.0 landed
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 cited
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 cited
-
Add a SET option to the GRANT command.
- 3d14e171e9e2 16.0 cited