Thu Mar 1 13:02:33 PST 2007
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Update of /home/cvsd/slony1/slony1-engine/doc/adminguide In directory main:/tmp/cvs-serv8746/doc/adminguide Modified Files: bestpractices.sgml testbed.sgml Log Message: Add tests to the testbed that confirm the minimal permissions required by those Slony-I connections stored in sl_path. Index: testbed.sgml =================================================================== RCS file: /home/cvsd/slony1/slony1-engine/doc/adminguide/testbed.sgml,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** testbed.sgml 2 Aug 2006 18:34:59 -0000 1.10 --- testbed.sgml 1 Mar 2007 21:02:31 -0000 1.11 *************** *** 95,98 **** --- 95,112 ---- to be a &postgres; <quote>superuser.</quote> </para> </glossdef> </glossentry> + <glossentry><glossterm> <envar>WEAKUSER</envar> </glossterm> + <glossdef><para> By default, the user <filename>postgres</filename> is + used; this is taken as the default user ID to use for the <xref linkend="stmtstorepath"> connections to all of the + databases. </para> + + <para> There are also variables <envar>WEAKUSER1</envar> thru + <envar>WEAKUSER13</envar> which allow specifying a separate user name + for each database instance. This user <emphasis> does not </emphasis> + need to be a &postgres; <quote>superuser.</quote> This user can start + out with no permissions; it winds up granted read permissions on the + tables that the test uses, plus read access throughout the &slony1; + schema, plus write access to one table and sequence used to manage + node locks. </para> </glossdef> </glossentry> + <glossentry><glossterm> <envar>HOST</envar> </glossterm> <glossdef><para> By default, <filename>localhost</filename> is used. Index: bestpractices.sgml =================================================================== RCS file: /home/cvsd/slony1/slony1-engine/doc/adminguide/bestpractices.sgml,v retrieving revision 1.24 retrieving revision 1.25 diff -C2 -d -r1.24 -r1.25 *** bestpractices.sgml 17 Oct 2006 18:45:15 -0000 1.24 --- bestpractices.sgml 1 Mar 2007 21:02:31 -0000 1.25 *************** *** 376,379 **** --- 376,418 ---- </listitem> + <listitem><para> Lowering Authority </para> + + <para> Traditionally, it has been stated that <quote>&slony; needs to + use superuser connections.</quote> It turns out that this is not + entirely true, and and if there are particular concerns about + excessive use of superuser accounts, it is possible to reduce this + considerably. </para> + + <para> It is true to say that each &lslon; <emphasis>must</emphasis> + have a superuser connection in order to manage the node that it is + assigned to. It needs to be able to alter the system catalogue in + order to set up subscriptions and to process alterations + (<emphasis>e.g</emphasis> - to run <xref linkend="stmtddlscript"> and + other events that may alter the role of replicated tables on the local + node). </para> + + <para> However, the connections that &lslon; processes open to other + nodes to access events and process subcriptions do not need to have + nearly so much permission. Indeed, one could set up a <quote>weak + user</quote> assigned to all <xref linkend="stmtstorepath"> requests. + The minimal permissions that this user, let's call it + <command>weakuser</command>, requires are as follows:</para> + + <itemizedlist> + <listitem><para> It must have read access to the &slony1;-specific namespace </para> </listitem> + <listitem><para> It must have read access to all tables and sequences in that namespace</para> </listitem> + <listitem><para> It must have write access to the &slony1; table <envar>sl_nodelock</envar> and sequence <envar>sl_nodelock_nl_conncnt_seq</envar> </para> </listitem> + <listitem><para> At subscribe time, it must have read access to all of the replicated tables. </para> + <para> Outside of subscription time, there is no need for access to access to the replicated tables. </para> </listitem> + <listitem><para> There is some need for read access to tables in pg_catalog; it has not been verified how little access would be suitable. </para> </listitem> + </itemizedlist> + + <para> In version 1.3, the tests in the <xref linkend="testbed"> + support using a <envar>WEAKUSER</envar> so that testing can regularly + confirm the minimal set of permissions needed to support + replication.</para> + + </listitem> + <listitem><para> The section on <link linkend="listenpaths"> listen paths </link> discusses the issues surrounding the table <xref
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-commit mailing list