On Mon, 2006-07-31 at 09:52 -0400, Tom Lane wrote:
> Andrew Dunstan <[EMAIL PROTECTED]> writes:
> > Martijn van Oosterhout wrote:
> >> Maybe someone should look into enabling slony to not run as a
> >> superuser?
>
> > That was my initial reaction to this suggestion. But then I realised
> > that it might well make sense to have a separate connection-limited
> > superuser for Slony purposes (or any other special purpose) alongside an
> > unlimited superuser.
>
> Actually, the real question in my mind is why Slony can't be trusted
> to use the right number of connections to start with. If you don't
> trust it that far, what are you doing letting it into your database as
> superuser to start with?

I generally try to apply reasonable restrictions on all activities that take place on my systems unless the machine was dedicated for that task (in which case the limitations are those of the machine). When things go wrong, and they almost always do eventually, these types of restrictions ensure that only the one process grinds to a halt instead of the entire environment.

Cron jobs are another area that is frequently implemented incorrectly. Implementing checks to see if it is already running is overlooked enough that I would like to restrict them as well. This is less important since roles now allow multiple users to take ownership of a relation; fewer jobs that need to run as a superuser.
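
The already-running check for cron jobs mentioned in the reply above, as an added example that is not part of the original message: a POSIX shell wrapper that takes an atomic `mkdir` lock and skips the run while a previous one is still alive. The function names, exit codes and lock path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: single-instance guard for a cron job.
# Function names, exit codes and the lock directory are hypothetical.

RC_BUSY=75    # another live instance holds the lock
RC_STALE=76   # lock left behind by a dead process; needs operator cleanup

# lock_state DIR -> prints "free", "busy" or "stale"
lock_state() {
    if [ ! -d "$1" ]; then echo free; return 0; fi
    holder=$(cat "$1/pid" 2>/dev/null || true)
    # kill -0 sends no signal; it only tests that the PID exists
    # and belongs to a process we are allowed to signal.
    if [ -n "$holder" ] && kill -0 "$holder" 2>/dev/null; then
        echo busy
    else
        echo stale
    fi
}

# run_once DIR CMD [ARGS...]
# Runs CMD only if no other run_once holds DIR; returns CMD's exit status.
run_once() {
    lockdir=$1; shift
    # mkdir is atomic: exactly one caller can create the directory.
    if ! mkdir "$lockdir" 2>/dev/null; then
        if [ "$(lock_state "$lockdir")" = busy ]; then
            echo "run_once: previous run still active, skipping" >&2
            return "$RC_BUSY"
        fi
        # Fail closed: deleting the lock here would race with another
        # starter doing the same, and both jobs would then run.
        echo "run_once: stale lock $lockdir, refusing to run" >&2
        return "$RC_STALE"
    fi
    echo "$$" > "$lockdir/pid"
    status=0
    "$@" || status=$?
    rm -rf "$lockdir"
    return "$status"
}
```

A crontab entry would source this file and call `run_once` with a lock directory that only the job's own account can write to, so another user cannot block the job by creating the lock first.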