-rw-r--r-- | doc/src/sgml/protocol.sgml | 5 | ||||
-rw-r--r-- | doc/src/sgml/ref/pg_basebackup.sgml | 3 | ||||
-rw-r--r-- | src/backend/replication/basebackup_server.c | 6 |
3 files changed, 11 insertions, 3 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 68908dcb7b3..24e93f9b284 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -2647,6 +2647,11 @@ The commands accepted in replication mode are: <literal>blackhole</literal>, the backup data is not sent anywhere; it is simply discarded. </para> + + <para> + The <literal>server</literal> target requires superuser privilege or + being granted the <literal>pg_write_server_files</literal> role. + </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index dfd8aebc9a3..1546f10c0d9 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -237,7 +237,8 @@ PostgreSQL documentation <literal>server:/some/path</literal>, the backup will be stored on the machine where the server is running in the <literal>/some/path</literal> directory. Storing a backup on the - server requires superuser privileges. If the target is set to + server requires superuser privileges or being granted the + <literal>pg_write_server_files</literal> role. If the target is set to <literal>blackhole</literal>, the contents are discarded and not stored anywhere. This should only be used for testing purposes, as you will not end up with an actual backup. diff --git a/src/backend/replication/basebackup_server.c b/src/backend/replication/basebackup_server.c index ce1b7b47977..18b0e11d903 100644 --- a/src/backend/replication/basebackup_server.c +++ b/src/backend/replication/basebackup_server.c @@ -10,10 +10,12 @@ */ #include "postgres.h" +#include "catalog/pg_authid.h" #include "miscadmin.h" #include "replication/basebackup.h" #include "replication/basebackup_sink.h" #include "storage/fd.h" +#include "utils/acl.h" #include "utils/timestamp.h" #include "utils/wait_event.h" 
@@ -65,10 +67,10 @@ bbsink_server_new(bbsink *next, char *pathname) sink->base.bbs_next = next; /* Replication permission is not sufficient in this case. */ - if (!superuser()) + if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser to create server backup"))); + errmsg("must be superuser or a member of the pg_write_server_files role to create server backup"))); /* * It's not a good idea to store your backups in the same directory that |
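Review bot: The new check in bbsink_server_new uses `is_member_of_role()`, which accepts any member of pg_write_server_files, including a role that was granted it but is marked NOINHERIT and has not done SET ROLE. Since this check gates writing files on the machine where the server runs, `if (!has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))` would test the privileges the session actually holds. The superuser case named in the error message is not visible in the condition and presumably comes from the membership helper treating superusers as members of every role, so I would extend the comment to `/* Replication permission is not sufficient: this writes files on the server host. Superusers pass the role check implicitly. */`. The role lookup reads the catalogs, and the hunk does not show whether a transaction is open when a replication command reaches this point, so that is worth confirming. The function body starts and ends outside the hunk.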