On Mon, Dec 27, 2010 at 14:51, Simon Riggs <si...@2ndquadrant.com> wrote:
> On Mon, 2010-12-27 at 14:41 +0100, Magnus Hagander wrote:
>> >> >
>> >> > Where does pg_start_backup()/stop fit?
>> >>
>> >> Good question :)
>> >>
>> >> Given that the integrated-base-backup would call it for you, that one
>> >> would definitely get it automatically.
>> >>
>> >> Given that the latest discussions seem to have most people wanting the
>> >> replication role *not* to be allowed to log in and run general SQL, we
>> >> should not drive the start/stop backup permissions from that
>> >> privilege.
>> >
>> > So what you're suggesting would actually defeat the purpose of having the
>> > new privilege. Unless we trust in a new, untried method. Hmmm.
>>
>> No, it doesn't.
>>
>> In my experience, most DBAs will connect with their DBA account
>> (usually the superuser, yes..) to run pg_start_backup() and
>> pg_stop_backup(). That's no reason to let the slave server run with
>> superuser privileges all the time...
>
> Remember the standby's superuser id is exactly the same as the main
> server's superuser id. So unless you are going to stop the standby from
> knowing its own superusers there's no huge benefit there. Is that what
> you mean to do?

I'm sorry, I have no idea what you mean by that. You will certainly be
able to log into the standby with a superuser account, nobody is
preventing that.

This is about protecting the *master*. For example, from modifications
made by a user who hacked the standby.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/