authorRobert Haas <rhaas@postgresql.org>2022-01-28 12:26:33 -0500
committerRobert Haas <rhaas@postgresql.org>2022-01-28 12:31:40 -0500
commit7f6772317b4a4f9d30c25d1853571fca6d834f0c (patch)
tree24ad2d60e545cb57f5351d89630899757bf473ec
parent51891d5a95605c4e98324731b386345d89c5a71e (diff)
Adjust server-side backup to depend on pg_write_server_files.
I had made it depend on superuser, but that seems clearly inferior. Also document the permissions requirement in the streaming replication protocol section of the documentation, rather than only in the section having to do with pg_basebackup. Idea and patch from Dagfinn Ilmari Mannsåker. Discussion: http://postgr.es/m/87bkzw160u.fsf@wibble.ilmari.org
-rw-r--r--doc/src/sgml/protocol.sgml5
-rw-r--r--doc/src/sgml/ref/pg_basebackup.sgml3
-rw-r--r--src/backend/replication/basebackup_server.c6
3 files changed, 11 insertions, 3 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 68908dcb7b3..24e93f9b284 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -2647,6 +2647,11 @@ The commands accepted in replication mode are:
<literal>blackhole</literal>, the backup data is not sent
anywhere; it is simply discarded.
</para>
+
+ <para>
+ The <literal>server</literal> target requires superuser privilege or
+ being granted the <literal>pg_write_server_files</literal> role.
+ </para>
</listitem>
</varlistentry>
diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml
index dfd8aebc9a3..1546f10c0d9 100644
--- a/doc/src/sgml/ref/pg_basebackup.sgml
+++ b/doc/src/sgml/ref/pg_basebackup.sgml
@@ -237,7 +237,8 @@ PostgreSQL documentation
<literal>server:/some/path</literal>, the backup will be stored on
the machine where the server is running in the
<literal>/some/path</literal> directory. Storing a backup on the
- server requires superuser privileges. If the target is set to
+ server requires superuser privileges or being granted the
+ <literal>pg_write_server_files</literal> role. If the target is set to
<literal>blackhole</literal>, the contents are discarded and not
stored anywhere. This should only be used for testing purposes, as you
will not end up with an actual backup.
diff --git a/src/backend/replication/basebackup_server.c b/src/backend/replication/basebackup_server.c
index ce1b7b47977..18b0e11d903 100644
--- a/src/backend/replication/basebackup_server.c
+++ b/src/backend/replication/basebackup_server.c
@@ -10,10 +10,12 @@
*/
#include "postgres.h"
+#include "catalog/pg_authid.h"
#include "miscadmin.h"
#include "replication/basebackup.h"
#include "replication/basebackup_sink.h"
#include "storage/fd.h"
+#include "utils/acl.h"
#include "utils/timestamp.h"
#include "utils/wait_event.h"
@@ -65,10 +67,10 @@ bbsink_server_new(bbsink *next, char *pathname)
sink->base.bbs_next = next;
/* Replication permission is not sufficient in this case. */
- if (!superuser())
+ if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser to create server backup")));
+ errmsg("must be superuser or a member of the pg_write_server_files role to create server backup")));
/*
* It's not a good idea to store your backups in the same directory that
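Review bot: The new test `if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))` checks role membership rather than effective privileges, so, as I read the acl helpers, a role that is a member of pg_write_server_files but marked NOINHERIT would pass without having done SET ROLE. `if (!has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))` honours inheritance and is the stricter test for a privilege that lets the caller choose where the server's OS user writes files. Both helpers treat superusers as passing, which is why the explicit superuser() call can be dropped, but nothing at the call site says so even though the error message names superuser. I would extend the comment to `/* Replication permission is not sufficient: require superuser or pg_write_server_files, because pathname is written by the server process. */`. The body of bbsink_server_new starts before and continues past this hunk, so the handling of pathname itself is not visible here.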