"node check": check role membership when trying to read pg_settings

From PostgreSQL 10, a member of the default roles "pg_monitor" and/or "pg_read_all_settings" can read pg_settings without requiring superuser privileges. Previously, a hint was being emitted about making the repmgr user a member of one of those groups, but no check for membership was being made, meaning the check could only be run by a superuser.
2026-03-22 22:56:29 +00:00 · 2019-08-07 14:23:50 +09:00
parent 10870503d1
commit 38b373e6df
4 changed files with 53 additions and 6 deletions
--- a/repmgr-action-node.c
+++ b/repmgr-action-node.c
@@ -1833,7 +1833,7 @@ do_node_check_data_directory(PGconn *conn, OutputMode mode, t_node_info *node_in
 	 * a superuser connection
 	 */

-	if (is_superuser_connection(conn, NULL) == true)
+	if (connection_has_pg_settings(conn) == true)
 	{
 		/* we expect to have a database connection */
 		if (get_pg_setting(conn, "data_directory", actual_data_directory) == false)
@@ -1878,7 +1878,7 @@ do_node_check_data_directory(PGconn *conn, OutputMode mode, t_node_info *node_in
 			/* XXX add -S/--superuser option */
 			if (PQserverVersion(conn) >= 100000)
 			{
-				log_hint(_("add the \"%s\" user to group \"pg_read_all_settings\""),
+				log_hint(_("add the \"%s\" user to group \"pg_read_all_settings\" or \"pg_monitor\""),
 						   PQuser(conn));
 			}
 		}