Give superusers REPLIACTION permission by default

This can be overriden by using NOREPLICATION on the CREATE ROLE
statement, but by default they will have it, making it backwards
compatible and "less surprising" (given that superusers normally
override all checks).

6 files changed, 22 insertions, 10 deletions

diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml
index 2c24fd9c139..b1ec461f53e 100644
--- a/doc/src/sgml/high-availability.sgml
+++ b/doc/src/sgml/high-availability.sgml
@@ -805,9 +805,9 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r'
     <note>
      <para>
       It is recommended that a dedicated user account is used for replication.
-      While it is possible to add  the <literal>REPLICATION</> privilege to
-      a superuser account for the purporses of replication, this is not
-      recommended. While <literal>REPLICATION</> privilege gives very high
+      While the <literal>REPLICATION</> privilege is granted to superuser
+      accounts by default, it is not recommended to use superuser accounts
+      for replication. While <literal>REPLICATION</> privilege gives very high
       permissions, it does not allow the user to modify any data on the
       primary system, which the <literal>SUPERUSER</> privilege does.
      </para>
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 7cc7f149fdc..43bec5d8e13 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -185,7 +185,8 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
         A role having the <literal>REPLICATION</> attribute is a very
         highly privileged role, and should only be used on roles actually
         used for replication. If not specified,
-        <literal>NOREPLICATION</literal> is the default.
+        <literal>NOREPLICATION</literal> is the default for all roles except
+        superusers.
        </para>
       </listitem>
      </varlistentry>
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 08b3fb7dc42..2830aec49ca 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -175,7 +175,11 @@ CREATE USER <replaceable>name</replaceable>;
         to do most of your work as a role that is not a superuser.
         To create a new database superuser, use <literal>CREATE ROLE
         <replaceable>name</replaceable> SUPERUSER</literal>.  You must do
-        this as a role that is already a superuser.
+        this as a role that is already a superuser. Creating a superuser
+        will by default also grant permissions to initiate streaming
+        replication. For increased security this can be disallowed using
+        <literal>CREATE ROLE <replaceable>name</replaceable> SUPERUSER
+        NOREPLICATION</literal>.
        </para>
       </listitem>
      </varlistentry>
@@ -214,9 +218,8 @@ CREATE USER <replaceable>name</replaceable>;
       <listitem>
        <para>
         A role must explicitly be given permission to initiate streaming
-        replication (superusers do not bypass this check). A role used
-        for streaming replication must always have <literal>LOGIN</>
-        permission as well. To create such a role, use
+        replication. A role used for streaming replication must always
+        have <literal>LOGIN</> permission as well. To create such a role, use
         <literal>CREATE ROLE <replaceable>name</replaceable> REPLICATION
         LOGIN</literal>.
        </para>
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 9e505b7525f..be049cb9945 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -248,7 +248,15 @@ CreateRole(CreateRoleStmt *stmt)
 	if (dpassword && dpassword->arg)
 		password = strVal(dpassword->arg);
 	if (dissuper)
+	{
 		issuper = intVal(dissuper->arg) != 0;
+		/*
+		 * Superusers get replication by default, but only if
+		 * NOREPLICATION wasn't explicitly mentioned
+		 */
+		if (!(disreplication && intVal(disreplication->arg) == 0))
+			isreplication = 1;
+	}
 	if (dinherit)
 		inherit = intVal(dinherit->arg) != 0;
 	if (dcreaterole)
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 2daf9f80ef4..3f5ef242ed2 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	201101031
+#define CATALOG_VERSION_NO	201101051
 
 #endif
diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h
index 7eee4cb5cbc..0c5ae443a0d 100644
--- a/src/include/catalog/pg_authid.h
+++ b/src/include/catalog/pg_authid.h
@@ -93,7 +93,7 @@ typedef FormData_pg_authid *Form_pg_authid;
  * user choices.
  * ----------------
  */
-DATA(insert OID = 10 ( "POSTGRES" t t t t t t f -1 _null_ _null_ ));
+DATA(insert OID = 10 ( "POSTGRES" t t t t t t t -1 _null_ _null_ ));
 
 #define BOOTSTRAP_SUPERUSERID 10