From: Michael Paquier
Date: Tue, 5 May 2020 05:16:01 +0000 (+0900)
Subject: Doc: Outline REPLICATION before SUPERUSER privilege
X-Git-Url: http://git.postgresql.org/gitweb/-?a=commitdiff_plain;h=c5114e42fa1ddd2c44a03339ffa436e732477397;p=users%2Frhaas%2Fpostgres.git

Doc: Outline REPLICATION before SUPERUSER privilege

The following docs are updated:
- High-availability section
- pg_basebackup
- pg_receivewal

Per the principle of least privilege, we want to encourage users to interact with those areas using roles that have replication rights, but superusers were mentioned first.

Author: Daniel Gustafsson
Reviewed-by: Fujii Masao, Michael Paquier
Discussion: https://postgr.es/m/ECEBD212-7101-41EB-84F3-2F356E4B6401@yesql.se
---
diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index 52e47379cc..8862f84412 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -827,12 +827,14 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r' It is very important that the access privileges for replication be set up so that only trusted users can read the WAL stream, because it is easy to extract privileged information from it. Standby servers must - authenticate to the primary as a superuser or an account that has the - REPLICATION privilege. It is recommended to create a - dedicated user account with REPLICATION and LOGIN - privileges for replication. While REPLICATION privilege gives - very high permissions, it does not allow the user to modify any data on - the primary system, which the SUPERUSER privilege does. + authenticate to the primary as an account that has the + REPLICATION privilege or a superuser. It is + recommended to create a dedicated user account with + REPLICATION and LOGIN + privileges for replication. While REPLICATION + privilege gives very high permissions, it does not allow the user to + modify any data on the primary system, which the + SUPERUSER privilege does. 
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index 01ce44ee22..12fadabfb8 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -51,8 +51,8 @@ PostgreSQL documentation The backup is made over a regular PostgreSQL connection, and uses the replication protocol. The connection must be made - with a superuser or a user having REPLICATION - permissions (see ), + with a user having REPLICATION permissions + (see ) or a superuser, and pg_hba.conf must explicitly permit the replication connection. The server must also be configured with set high enough to leave at least diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml index febfc0ba13..73431bfc05 100644 --- a/doc/src/sgml/ref/pg_receivewal.sgml +++ b/doc/src/sgml/ref/pg_receivewal.sgml @@ -68,12 +68,13 @@ PostgreSQL documentation The write-ahead log is streamed over a regular PostgreSQL connection and uses the replication - protocol. The connection must be made with a superuser or a user - having REPLICATION permissions (see - ), and pg_hba.conf - must permit the replication connection. The server must also be - configured with set high enough to - leave at least one session available for the stream. + protocol. The connection must be made with a user having + REPLICATION permissions (see + ) or a superuser, and + pg_hba.conf must permit the replication connection. + The server must also be configured with + set high enough to leave at least + one session available for the stream.
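Review bot: In doc/src/sgml/high-availability.sgml, the new sentence "authenticate to the primary as an account that has the REPLICATION privilege or a superuser" can be misread as "an account that has ... a superuser", because "or a superuser" now trails the relative clause. Suggest "either as an account that has the REPLICATION privilege or as a superuser" so the two alternatives stay parallel. The remaining added lines in this hunk only re-wrap the existing recommendation and need no wording change.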
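Review bot: In doc/src/sgml/ref/pg_basebackup.sgml, reordering to "a user having REPLICATION permissions (see ) or a superuser" still presents the two as equal options, and the paragraph never says which one to prefer. The commit message gives least privilege as the motivation, and the high-availability.sgml hunk carries the sentence "It is recommended to create a dedicated user account with REPLICATION and LOGIN privileges for replication". A similar one-sentence recommendation here, or a pointer to that section, would state the intent rather than leave it to word order.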
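Review bot: In doc/src/sgml/ref/pg_receivewal.sgml, the rewritten sentence says "REPLICATION permissions" while the high-availability.sgml hunk in the same patch says "REPLICATION privilege"; since the sentence is being touched anyway, use one term across all three files. The same sentence says pg_hba.conf "must permit" the replication connection where pg_basebackup.sgml says "must explicitly permit", which could be aligned in the same pass.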