Re: Streaming replication as a separate permissions
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Peter Eisentraut <peter_e@gmx.net>, Tom Lane <tgl@sss.pgh.pa.us>, Stephen Frost <sfrost@snowman.net>, Florian Pflug <fgp@phlo.org>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-03T15:59:54Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
On Mon, Jan 3, 2011 at 6:00 AM, Magnus Hagander <magnus@hagander.net> wrote: > On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <magnus@hagander.net> wrote: >> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <peter_e@gmx.net> wrote: >>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote: >>>> I've applied this version (with some minor typo-fixes). >>> >>> This page is now somewhat invalidated: >>> >>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html >> >> Hmm. Somehow I missed that page completely when looking through the >> docs. I'll go update that. > > BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT? > And VALID UNTIL? They're all role attributes, no? +1. >>> First, it doesn't mention the replication privilege, and second it >>> continues to claim that superuser status bypasses all permission checks. >> >> Well, that was *already* wrong. >> >> superuser doesn't bypass NOLOGIN. >> >> That doesn't mean it shouldn't be fixed, but that's independent of the >> replication role. > > I've committed a fix for this. I still think this is the wrong approach. Saying superuser doesn't bypass nologin is like saying that it doesn't bypass the need to enter the correct password to authenticate to it. You have to BE the superuser before you start bypassing permissions checks, and NOLOGIN and a possible password prompts control WHO CAN BECOME superuser. On the other hand, the REPLICATION privilege is denying you the right to perform an operation *even though you already are authenticated as a superuser*. I don't think there's anywhere else in the system where we allow a privilege to non-super-users but deny that same privilege to super-users, and I don't think we should be starting now. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company