Re: "repliation" as database name
At Mon, 28 Jan 2019 17:30:57 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI wrote in <20190128.173057.41178374.horiguchi.kyot...@lab.ntt.co.jp> > At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane wrote in > <32289.1545847...@sss.pgh.pa.us> > > Hm, I agree that the para doesn't read very well now, but I think this > > could be improved further. How about something like > > > > # DATABASE can be "all", "sameuser", "samerole", "replication", a > > # database name, or a comma-separated list thereof. The "replication" > > # keyword matches replication connection requests (see example below). > > # The "all" keyword matches all database names, but not replication > > # connections. > > I'm afraid that just dropping "it must be enabled in a separate > record" leads to confusion. How about adding a comment to > replication connection examples. > > # Allow replication connections from localhost, by a user with the > # replication privilege. Each definition must have its own record. Mmm, this doesn't seem to saying what I wanted to say there. This seems better. # Allow replication connections from localhost, by a user with # the replication privilege. They must have separate records from # non-replication connections. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
Re: "repliation" as database name
At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane wrote in <32289.1545847...@sss.pgh.pa.us> > Kyotaro HORIGUCHI writes: > > I found that in the documentation thanks to a notification > > off-list. And after some reconfirmation, what I want to fix is > > only a few lines of comment in pg_hba.conf.sample. > > > -# database name, or a comma-separated list thereof. The "all" > > -# keyword does not match "replication". Access to replication > > -# must be enabled in a separate record (see example below). > > +# database name, or a comma-separated list thereof. The "all" keyword > > +# matches all databases. The "replication" keyword matches a physical > > +# replication connection request and it must be enabled in a separate > > +# record (see example below) > > Hm, I agree that the para doesn't read very well now, but I think this > could be improved further. How about something like > > # DATABASE can be "all", "sameuser", "samerole", "replication", a > # database name, or a comma-separated list thereof. The "replication" > # keyword matches replication connection requests (see example below). > # The "all" keyword matches all database names, but not replication > # connections. I'm afraid that just dropping "it must be enabled in a separate record" leads to confusion. How about adding a comment to replication connection examples. # Allow replication connections from localhost, by a user with the # replication privilege. Each definition must have its own record. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
Re: "repliation" as database name
Kyotaro HORIGUCHI writes: > I found that in the documentation thanks to a notification > off-list. And after some reconfirmation, what I want to fix is > only a few lines of comment in pg_hba.conf.sample. > -# database name, or a comma-separated list thereof. The "all" > -# keyword does not match "replication". Access to replication > -# must be enabled in a separate record (see example below). > +# database name, or a comma-separated list thereof. The "all" keyword > +# matches all databases. The "replication" keyword matches a physical > +# replication connection request and it must be enabled in a separate > +# record (see example below) Hm, I agree that the para doesn't read very well now, but I think this could be improved further. How about something like # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "replication" # keyword matches replication connection requests (see example below). # The "all" keyword matches all database names, but not replication # connections. regards, tom lane
"repliation" as database name
Hello. We can create a database named "replication". $ createdb replication A pg_hba.conf entry with DATABASE="all" is described as 'does not match "replication"' in the comment there, but actually it matches and we can connect to the database "replication". (Documentation doesn't mention the restriction) $ psql replication -At -c 'select current_database()' replication We can specify the name replication by quoting and it does not match a replication connection. It is not documented at all. pg_hba.conf > local "replication" all trust > #local replication all trust ## commented out > FATAL: could not connect to the primary server: FATAL: no pg_hba.conf entry > for replication connection from host "[local]", user "horiguti", SSL off > $ psql replication -At -c 'select current_database()' > replication The same can be said to sameuser, samerole and even all. I think this is absolutely sane behavior and worth documentation in any extent if it doesn't become complex. I think that at least the following amendments would be needed. - Remove ""all" does not match "replication"". Instead "The "all" keyword does not match replication connections." - double-quoted database name is taken literally. Is it worth doing? regards. -- Kyotaro Horiguchi NTT Open Source Software Center
