On Mon, Dec 27, 2010 at 14:25, Simon Riggs <si...@2ndquadrant.com> wrote: > On Mon, 2010-12-27 at 12:00 +0100, Magnus Hagander wrote: >> On Mon, Dec 27, 2010 at 11:34, Simon Riggs <si...@2ndquadrant.com> wrote: >> > On Mon, 2010-12-27 at 10:36 +0100, Magnus Hagander wrote: >> >> > Is backup part of this new privilege, or not? >> >> >> >> The "integrated base backup", once we have that, that's based on the >> >> walsender protocol? yes. >> >> pg_dump style backups? No. >> > >> > Where does pg_start_backup()/stop fit? >> >> Good question :) >> >> Given that the integrated-base-backup would call it for you, that one >> would definitely get it automatically. >> >> Given that the latest discissions seem to have most people wanting the >> replication role *not* to be allowed to log in and run general SQL, we >> should not drive the start/stop backup permissions from that >> privilege. > > So what your suggesting would actually defeat the purpose of having the > new privilege. Unless we trust in a new, untried method. Hmmm.
No, it doesn't. In my experience, most DBAs will connect with their DBA account (usually the superuser, yes..) to run pg_start_backup() and pg_stop_backup(). That's no reason to let the slave sever run with superuser privileges all the time... That said, I agree that the we shouldn't *prevent* the DBA from setting up an account that is both superuser and replicator - just that we shouldn't do it by default. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
