Обсуждение: new createuser option for replication role
Hi, Currently createuser cannot create a role with REPLICATION privilege because it doesn't have any option to do that. Which sometimes annoys me when setting up replication. I'd like to propose to add new options "-x (--replication)" and "-X (--no-replication)" into createuser. "-x" allows the new user to do replication, and "-X" disallows. The default is "-X". Is it worth creating the patch? Though I'd like to use "-r" and "-R" as the option name, they have already been used for CREATEROLE privilege. So I'm thinking to use "-x" and "-X" derived from XLOG. But does anyone have better option name? Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
On Sat, Sep 10, 2011 at 2:08 PM, Fujii Masao <masao.fujii@gmail.com> wrote: > Currently createuser cannot create a role with REPLICATION privilege > because it doesn't have any option to do that. Which sometimes annoys > me when setting up replication. I'd like to propose to add new options > "-x (--replication)" and "-X (--no-replication)" into createuser. "-x" allows > the new user to do replication, and "-X" disallows. The default is "-X". > Is it worth creating the patch? Patch attached. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
Вложения
Fujii Masao <masao.fujii@gmail.com> writes: > Currently createuser cannot create a role with REPLICATION privilege > because it doesn't have any option to do that. Which sometimes annoys > me when setting up replication. I'd like to propose to add new options > "-x (--replication)" and "-X (--no-replication)" into createuser. "-x" allows > the new user to do replication, and "-X" disallows. The default is "-X". > Is it worth creating the patch? > Though I'd like to use "-r" and "-R" as the option name, they have already > been used for CREATEROLE privilege. So I'm thinking to use "-x" and > "-X" derived from XLOG. But does anyone have better option name? Better solution: don't have a short form of the switch. regards, tom lane
On Sat, Sep 10, 2011 at 11:50 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Fujii Masao <masao.fujii@gmail.com> writes: >> Currently createuser cannot create a role with REPLICATION privilege >> because it doesn't have any option to do that. Which sometimes annoys >> me when setting up replication. I'd like to propose to add new options >> "-x (--replication)" and "-X (--no-replication)" into createuser. "-x" allows >> the new user to do replication, and "-X" disallows. The default is "-X". >> Is it worth creating the patch? > >> Though I'd like to use "-r" and "-R" as the option name, they have already >> been used for CREATEROLE privilege. So I'm thinking to use "-x" and >> "-X" derived from XLOG. But does anyone have better option name? > > Better solution: don't have a short form of the switch. That sounds better. I revised the patch so that it adds only "--replication" option to createuser. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
Вложения
Hello Before doing the complete review, I hit a regression with 9.1 createrole. the command ''createuser -e -s foo" produce : CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION; before it was: CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN; The REPLICATION was allowed by default to superuser, and the current patch change the default to remove the right. I believe we should add only the REPLICATION when --replication is set, and NOREPLICATION when --no-replication is set. 2011/9/11 Fujii Masao <masao.fujii@gmail.com>: > On Sat, Sep 10, 2011 at 11:50 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> Fujii Masao <masao.fujii@gmail.com> writes: >>> Currently createuser cannot create a role with REPLICATION privilege >>> because it doesn't have any option to do that. Which sometimes annoys >>> me when setting up replication. I'd like to propose to add new options >>> "-x (--replication)" and "-X (--no-replication)" into createuser. "-x" allows >>> the new user to do replication, and "-X" disallows. The default is "-X". >>> Is it worth creating the patch? >> >>> Though I'd like to use "-r" and "-R" as the option name, they have already >>> been used for CREATEROLE privilege. So I'm thinking to use "-x" and >>> "-X" derived from XLOG. But does anyone have better option name? >> >> Better solution: don't have a short form of the switch. > > That sounds better. I revised the patch so that it adds only "--replication" > option to createuser. > > Regards, > > -- > Fujii Masao > NIPPON TELEGRAPH AND TELEPHONE CORPORATION > NTT Open Source Software Center > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > > -- Cédric Villemain +33 (0)6 20 30 22 52 http://2ndQuadrant.fr/ PostgreSQL: Support 24x7 - Développement, Expertise et Formation
On Thu, Sep 22, 2011 at 10:55 PM, Cédric Villemain <cedric.villemain.debian@gmail.com> wrote: > Before doing the complete review, I hit a regression with 9.1 createrole. Thanks! > the command ''createuser -e -s foo" produce : > CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION; > > before it was: > CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN; > > The REPLICATION was allowed by default to superuser, and the current > patch change the default to remove the right. > > I believe we should add only the REPLICATION when --replication is > set, and NOREPLICATION when --no-replication is set. Agreed. Attached is the updated version of the patch. It adds two options --replication and --no-replication. If neither specified, neither REPLICATION nor NOREPLICATION is specified in CREATE ROLE, i.e., in this case, replication privilege is granted to only superuser. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
Вложения
On Thu, Sep 22, 2011 at 12:45 PM, Fujii Masao <masao.fujii@gmail.com> wrote: > Agreed. Attached is the updated version of the patch. It adds two options > --replication and --no-replication. If neither specified, neither REPLICATION > nor NOREPLICATION is specified in CREATE ROLE, i.e., in this case, > replication privilege is granted to only superuser. Committed. Do we need to make any changes in interactive mode, when we prompt? In theory this could be either wanted or not wanted for either superusers or non-superusers, but I'm not really sure it's worth it, and I certainly don't want the command to go into interactive mode just because neither --replication nor --no-replication was specified. Thoughts? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
2011/9/23 Robert Haas <robertmhaas@gmail.com>: > On Thu, Sep 22, 2011 at 12:45 PM, Fujii Masao <masao.fujii@gmail.com> wrote: >> Agreed. Attached is the updated version of the patch. It adds two options >> --replication and --no-replication. If neither specified, neither REPLICATION >> nor NOREPLICATION is specified in CREATE ROLE, i.e., in this case, >> replication privilege is granted to only superuser. > > Committed. Do we need to make any changes in interactive mode, when > we prompt? In theory this could be either wanted or not wanted for > either superusers or non-superusers, but I'm not really sure it's > worth it, and I certainly don't want the command to go into > interactive mode just because neither --replication nor > --no-replication was specified. > > Thoughts? I believe the intereactive mode is useless. There is still an issue with the patch for the documentation: a superuser, even with NOREPLICATION is allowed to perform pg_start_backup() and pg_stop_backup(). > > -- > Robert Haas > EnterpriseDB: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > -- Cédric Villemain +33 (0)6 20 30 22 52 http://2ndQuadrant.fr/ PostgreSQL: Support 24x7 - Développement, Expertise et Formation
2011/9/23 Cédric Villemain <cedric.villemain.debian@gmail.com>: > 2011/9/23 Robert Haas <robertmhaas@gmail.com>: >> On Thu, Sep 22, 2011 at 12:45 PM, Fujii Masao <masao.fujii@gmail.com> wrote: >>> Agreed. Attached is the updated version of the patch. It adds two options >>> --replication and --no-replication. If neither specified, neither REPLICATION >>> nor NOREPLICATION is specified in CREATE ROLE, i.e., in this case, >>> replication privilege is granted to only superuser. >> >> Committed. Do we need to make any changes in interactive mode, when >> we prompt? In theory this could be either wanted or not wanted for >> either superusers or non-superusers, but I'm not really sure it's >> worth it, and I certainly don't want the command to go into >> interactive mode just because neither --replication nor >> --no-replication was specified. >> >> Thoughts? > > I believe the intereactive mode is useless. > > There is still an issue with the patch for the documentation: a > superuser, even with NOREPLICATION is allowed to perform > pg_start_backup() and pg_stop_backup(). noise, sorry I've just read the commited patch which fixed that. > > >> >> -- >> Robert Haas >> EnterpriseDB: http://www.enterprisedb.com >> The Enterprise PostgreSQL Company >> > > > > -- > Cédric Villemain +33 (0)6 20 30 22 52 > http://2ndQuadrant.fr/ > PostgreSQL: Support 24x7 - Développement, Expertise et Formation > -- Cédric Villemain +33 (0)6 20 30 22 52 http://2ndQuadrant.fr/ PostgreSQL: Support 24x7 - Développement, Expertise et Formation
On Fri, Sep 23, 2011 at 10:47 PM, Cédric Villemain <cedric.villemain.debian@gmail.com> wrote: > 2011/9/23 Robert Haas <robertmhaas@gmail.com>: >> On Thu, Sep 22, 2011 at 12:45 PM, Fujii Masao <masao.fujii@gmail.com> wrote: >>> Agreed. Attached is the updated version of the patch. It adds two options >>> --replication and --no-replication. If neither specified, neither REPLICATION >>> nor NOREPLICATION is specified in CREATE ROLE, i.e., in this case, >>> replication privilege is granted to only superuser. >> >> Committed. Do we need to make any changes in interactive mode, when >> we prompt? In theory this could be either wanted or not wanted for >> either superusers or non-superusers, but I'm not really sure it's >> worth it, and I certainly don't want the command to go into >> interactive mode just because neither --replication nor >> --no-replication was specified. >> >> Thoughts? > > I believe the intereactive mode is useless. Agreed. I think that a majority of "createuser" users are not interested in REPLICATION privilege yet. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center