Why repmgr role needs superuser privileges ?

[gp4git]

Can you detail for which features postgresql role needs supeuuser privs ?
For security reasons i would like to constrain it to the minimum necessary.

Thanks in advance for any reply.

[martinmarques]

It needs to read sensitive information from pg_settings which only a super user can.

More precisely, these tuples need to be read:
data_directory, config_file, hba_file, ident_file and stats_temp_directory

The information is needed for cloning, so it knows which files to rsync (if they happen to be outside pgdata).

Regards,

[gp4git]

Thanks for following up.
But there are more reasons as I first encounter the problem when I try to register the master (i.e. repmgr master register) using a postgresql user with only replication privilege
=> [ERROR] unable to create the function repmgr_update_last_updated: ERROR: permission denied for language c

That triggers another question : why installing these functions by default if we do not use repmgrd ?

Regards

[martinmarques]

I don't understand your question. What specifically do you want repmgr to do for you?

There are many tasks that repmgr does which require superuser privileges, although some could be circumvented.

Regards,

[gp4git]

I wanted to know if with repmgr release 3 it was still necessary to give superuser privilege to repmgr user as for starter I ONLY want to use plain repmgr features (cloning and switchover) BUT NOT repmgrd features (failover and monitoring).
Hope this clears the issue.

And concerning my previous comment (default install of repmgr_funcs when you don't use repmgrd), I will open another issue.

Anyway, best regards for your feedback.

[martinmarques]

Well, as I said before, you need superuser privileges for cloning.

Regards,

[gp4git]

But you wrote cloning in rsync context. But I will always use pg_basebackup not rsync.
Regards

[martinmarques]

I did not say that. ;)

I said that repmgr needs to run this query during the cloning process, which only a superuser can:

WITH dd AS (
SELECT setting
FROM pg_settings
WHERE name = 'data_directory'
)
SELECT ps.name, ps.setting,
ps.setting ~ ('^' || dd.setting) AS in_data_dir
FROM dd, pg_settings ps
WHERE ps.name IN ('data_directory', 'config_file', 'hba_file', 'ident_file')
ORDER BY 1

If the configuration files reside outside PGDATA (very common on Debian and Ubuntu systems), then they will need to be rsyncd separately, as pg_basebackup can't copy them.

Regards,

[amenonsen]

It is not a priority for us to make it possible to use repmgr without superuser privileges. If this is something that you particularly need, you will need to review and make the necessary changes to the source code (for example, if everything you need can always be copied with pg_basebackup, you don't need to run the above query).

[gp4git]

Fair enough. I understand your point but I'm always suspicious concerning granting superuser priv.
Regards