Make superuser imply replication privilege. The idea of a privilege that

superuser doesn't have doesn't make much sense, as a superuser can do whatever he wants through other means, anyway. So instead of granting replication privilege to superusers in CREATE USER time by default, allow replication connection from superusers whether or not they have the replication privilege. Patch by Noah Misch, per discussion on bug report #6264
2025-12-21 05:21:08 +03:00 · 2012-01-14 18:22:16 +02:00
parent ea038d65c2
commit 00c5f55061
8 changed files with 32 additions and 56 deletions
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -169,16 +169,11 @@ CREATE USER <replaceable>name</replaceable>;
      <listitem>
       <para>
        A database superuser bypasses all permission checks, except the right
-        to log in or the right to initiate replication.  This is a
-        dangerous privilege and should not be used carelessly; it is best
-        to do most of your work as a role that is not a superuser.
-        To create a new database superuser, use <literal>CREATE ROLE
-        <replaceable>name</replaceable> SUPERUSER</literal>.  You must do
-        this as a role that is already a superuser. Creating a superuser
-        will by default also grant permissions to initiate streaming
-        replication. For increased security this can be disallowed using
-        <literal>CREATE ROLE <replaceable>name</replaceable> SUPERUSER
-        NOREPLICATION</literal>.
+        to log in.  This is a dangerous privilege and should not be used
+        carelessly; it is best to do most of your work as a role that is not a
+        superuser.  To create a new database superuser, use <literal>CREATE
+        ROLE <replaceable>name</replaceable> SUPERUSER</literal>.  You must do
+        this as a role that is already a superuser.
       </para>
      </listitem>
     </varlistentry>
@@ -217,7 +212,8 @@ CREATE USER <replaceable>name</replaceable>;
      <listitem>
       <para>
        A role must explicitly be given permission to initiate streaming
-        replication. A role used for streaming replication must always
+        replication (except for superusers, since those bypass all permission
+        checks). A role used for streaming replication must always
        have <literal>LOGIN</> permission as well. To create such a role, use
        <literal>CREATE ROLE <replaceable>name</replaceable> REPLICATION
        LOGIN</literal>.