Re: REPLICATION privilege and shutdown

Lists: pgsql-hackers
From: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: REPLICATION privilege and shutdown
Date: 2011-01-20 09:41:02
Message-ID: AANLkTikJ983toy7t4AL_Dj_T_eqmpwrutyHNsO+bTFXh@mail.gmail.com

Hi,

Both the user with REPLICATION privilege and the superuser can
call pg_stop_backup. But only the superuser can connect to the server
to cancel an online backup during shutdown. The non-superuser with
REPLICATION privilege cannot. Is this behavior intentional? Or just
an oversight?

Regards,

--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
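A check a DBA can run to see which roles hold the REPLICATION privilege without being superusers, the distinction the question above turns on. This is an added example, not code from the thread; it assumes PostgreSQL 9.1 or later, where pg_roles carries the rolreplication column, and the role name in the ALTER is a constructed placeholder.

```sql
-- Added example: list roles that carry REPLICATION but not SUPERUSER.
-- In the behaviour discussed in the thread, these roles can call
-- pg_stop_backup() even though they cannot connect during shutdown.
SELECT rolname,
       rolsuper,
       rolreplication,
       rolcanlogin
FROM   pg_roles
WHERE  rolreplication
  AND  NOT rolsuper
ORDER  BY rolname;

-- A role that only streams base backups needs REPLICATION and nothing
-- more; a role that should not touch backups at all should lose it.
-- (backup_streamer is a constructed placeholder role name)
ALTER ROLE backup_streamer NOREPLICATION;
```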


From: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: REPLICATION privilege and shutdown
Date: 2011-01-20 09:50:24
Message-ID: 4D380560.3040400@enterprisedb.com

On 20.01.2011 11:41, Fujii Masao wrote:
> Hi,
>
> Both the user with REPLICATION privilege and the superuser can
> call pg_stop_backup. But only superuser can connect to the server
> to cancel online backup during shutdown. The non-superuser with
> REPLICATION privilege cannot. Is this behavior intentional? Or just
> oversight?

I think we need to consider the situation after the "multiple streaming
base backups" patch goes in. After that we can change pg_stop_backup()
so that you need superuser privileges to run it again - replication
privileges are enough to do a streaming base backup, but that no longer
interferes with the pg_start/stop_backup() admin functions.

At the moment, a streaming base backup and manual pg_start/stop_backup()
use the same machinery, so it's possible e.g. to run pg_stop_backup()
while a streaming base backup is running, causing it to fail at the end.
Or worse, you can run pg_stop_backup()+pg_start_backup(), and the
streaming base backup will seemingly succeed, but the produced backup is
potentially corrupt.

The multiple base backups patch will fix that too.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com


From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
Cc: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: REPLICATION privilege and shutdown
Date: 2011-01-20 09:54:48
Message-ID: AANLkTinL4WT1=4772GqPvX-PNmG9CQoH29F9=hqcYtOo@mail.gmail.com

On Thu, Jan 20, 2011 at 10:50, Heikki Linnakangas
<heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
> On 20.01.2011 11:41, Fujii Masao wrote:
>>
>> Hi,
>>
>> Both the user with REPLICATION privilege and the superuser can
>> call pg_stop_backup. But only superuser can connect to the server
>> to cancel online backup during shutdown. The non-superuser with
>> REPLICATION privilege cannot. Is this behavior intentional? Or just
>> oversight?
>
> I think we need to consider the situation after the "multiple streaming base
> backups" patch goes in. After that we can change pg_stop_backup() so that
> you need superuser privileges to run it again - replication privileges is
> enough to do a streaming base backup, but that no longer interferes with the
> pg_start/stop_backup() admin functions.
>
> At the moment, a streaming base backup and manual pg_start/stop_backup() use
> the same machinery, so it's possible e.g to run pg_stop_backup() while a
> streaming base backup is running, causing it to fail at the end. Or worse,
> you can run pg_stop_backup()+pg_start_backup(), and the streaming base
> backup will seemingly succeed, but the produced backup is potentially
> corrupt.
>
> The multiple base backups patch will fix that too.

Yeah; I've been avoiding even thinking about that one pending the
multiple base backups, on the assumption that it goes in before
release. If it doesn't, for some reason, that needs to be revisited,
obviously.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


From: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
To: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: REPLICATION privilege and shutdown
Date: 2011-01-20 09:59:17
Message-ID: AANLkTikwd06bFGyfmNSdQVN-sHAPNANMnnuYD7L3Ns+L@mail.gmail.com

On Thu, Jan 20, 2011 at 6:50 PM, Heikki Linnakangas
<heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
> I think we need to consider the situation after the "multiple streaming base
> backups" patch goes in. After that we can change pg_stop_backup() so that
> you need superuser privileges to run it again - replication privileges is
> enough to do a streaming base backup, but that no longer interferes with the
> pg_start/stop_backup() admin functions.

Fair enough.

> At the moment, a streaming base backup and manual pg_start/stop_backup() use
> the same machinery, so it's possible e.g to run pg_stop_backup() while a
> streaming base backup is running, causing it to fail at the end. Or worse,
> you can run pg_stop_backup()+pg_start_backup(), and the streaming base
> backup will seemingly succeed, but the produced backup is potentially
> corrupt.
>
> The multiple base backups patch will fix that too.

OK.

BTW, I found this behavior when I read your patch ;)

Regards,

--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center