Adjust server-side backup to depend on pg_write_server_files.

I had made it depend on superuser, but that seems clearly inferior. Also document the permissions requirement in the straming replication protocol section of the documentation, rather than only in the section having to do with pg_basebackup. Idea and patch from Dagfinn Ilmari Mannsåker. Discussion: http://postgr.es/m/87bkzw160u.fsf@wibble.ilmari.org
2025-07-07 00:36:50 +03:00 · 2022-01-28 12:26:33 -05:00
parent 51891d5a95
commit 7f6772317b
3 changed files with 11 additions and 3 deletions
--- a/src/backend/replication/basebackup_server.c
+++ b/src/backend/replication/basebackup_server.c
@ -10,10 +10,12 @@
 */
 #include "postgres.h"

+#include "catalog/pg_authid.h"
 #include "miscadmin.h"
 #include "replication/basebackup.h"
 #include "replication/basebackup_sink.h"
 #include "storage/fd.h"
+#include "utils/acl.h"
 #include "utils/timestamp.h"
 #include "utils/wait_event.h"

@ -65,10 +67,10 @@ bbsink_server_new(bbsink *next, char *pathname)
 	sink->base.bbs_next = next;

 	/* Replication permission is not sufficient in this case. */
-	if (!superuser())
+	if (!is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 errmsg("must be superuser to create server backup")));
+				 errmsg("must be superuser or a member of the pg_write_server_files role to create server backup")));

 	/*
 	 * It's not a good idea to store your backups in the same directory that