From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Streaming replication as a separate permissions |
Date: | 2010-12-23 22:57:25 |
Message-ID: | AANLkTimYOxwY3iPz9hx4x2bV1t=zt+HDD4h3bvvEoUR0@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Dec 23, 2010 at 23:44, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> On 12/23/10 2:33 PM, Stephen Frost wrote:
>>> A better alternative, imv, would be to just have a & d, and mention in
>>> the release notes that users *should* create a dedicated replication
>>> role which is *not* a superuser but *does* have the replication grant,
>>> but if they don't want to change their existing configurations, they can
>>> just grant the replication privilege to whatever role they're currently
>>> using.
>
>> Well, if we really want people to change their behavior then we need to
>> make it easy for them:
>
>> 1) have a replication permission
>> 2) *by default* create a replication user with the replication
>> permission when we initdb.
>
> Yeah, I could see doing that ... the entry would be wasted if you're not
> doing any replication, but one wasted catalog entry isn't much.
>
> However, it'd be a real good idea for that role to be NOLOGIN if it's
> there by default.
That shouldn't be too hard - I'll look at making the patch do that to
make sure it *isn't* that hard ;)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2010-12-23 22:59:28 | Re: Streaming replication as a separate permissions |
Previous Message | Stephen Frost | 2010-12-23 22:49:14 | Re: Streaming replication as a separate permissions |