From 9b8aff8c192e2f313f90395d114c58a9ef84f97f Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Wed, 29 Dec 2010 11:05:03 +0100 Subject: Add REPLICATION privilege for ROLEs This privilege is required to do Streaming Replication, instead of superuser, making it possible to set up a SR slave that doesn't have write permissions on the master. Superuser privileges do NOT override this check, so in order to use the default superuser account for replication it must be explicitly granted the REPLICATION permissions. This is backwards incompatible change, in the interest of higher default security. --- src/backend/utils/init/postinit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/backend/utils/init/postinit.c') diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index db06cda46e8..eaaf27ffa51 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -658,11 +658,11 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, { Assert(!bootstrap); - /* must have authenticated as a superuser */ - if (!am_superuser) + /* must have authenticated as a replication role */ + if (!is_authenticated_user_replication_role()) ereport(FATAL, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser to start walsender"))); + errmsg("must be replication role to start walsender"))); /* process any options passed in the startup packet */ if (MyProcPort != NULL) -- cgit v1.2.3