On Tue, Jan 25, 2011 at 5:14 AM, Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> wrote:
>> I'm not entirely sure the replication privilege removal is correct.
>> Doing that, it's no longer possible to deploy a slave *without* using
>> pg_basebackup, unless you are superuser. Do we really want to put that
>> restriction back in?
>
> Hmm, I thought we do, I thought that was changed just to make pg_basebackup
> work without superuser privileges.

If we encourage users not to use the "replication" privilege to log in
the database, putting that restriction seems to be reasonable.

> Ok, I won't touch that. But then we'll need to decide what to do about
> Fujii's observation
> (http://archives.postgresql.org/pgsql-hackers/2011-01/msg01934.php):

Yes. If we allow the "replication" users to call pg_start/stop_backup,
we also allow them to connect to the database even during shutdown in
order to cancel the backup.

Regards,

--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center