Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.692
diff -u -r1.692 system.module
--- modules/system/system.module 12 May 2009 08:37:45 -0000 1.692
+++ modules/system/system.module 12 May 2009 14:24:15 -0000
@@ -181,6 +181,10 @@
 'title' => t('Administer site configuration'),
 'description' => t('Configure site-wide settings such as module or theme administration settings.'),
 ),
+ 'access site updates' => array(
+ 'title' => t('Execute site updates'),
+ 'description' => t('Run the update.php script.'),
+ ),
 'administer actions' => array(
 'title' => t('Administer actions'),
 'description' => t('Manage the actions defined for your site.'),
Index: sites/default/default.settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/default.settings.php,v
retrieving revision 1.24
diff -u -r1.24 default.settings.php
--- sites/default/default.settings.php 24 Apr 2009 08:16:56 -0000 1.24
+++ sites/default/default.settings.php 12 May 2009 14:24:15 -0000
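Review bot: The permission key defined in the system.module hunk, `'access site updates'`, is not the one the new check in update.php tests: the `@@ -728,7 +731,7 @@` hunk calls `user_access('administer site updates')`, so a role granted the new permission would presumably still be refused. The check should read `$update_access_allowed = !empty($update_free_access) || user_access('access site updates');`. The denial text in the `@@ -434,13 +435,15 @@` hunk has the same drift, naming the permission "Execute site updates" in one sentence and "Administer site updates" in another. Because this permission lets a role run database updates, the description could say so, e.g. `'description' => t('Run the update.php script. Grant to trusted roles only.')`. The permission array starts and ends outside the hunk.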
@@ -157,10 +157,10 @@
 * Access control for update.php script
 *
 * If you are updating your Drupal installation using the update.php script
- * being not logged in as administrator, you will need to modify the access
- * check statement below. Change the FALSE to a TRUE to disable the access
- * check. After finishing the upgrade, be sure to open this file again
- * and change the TRUE back to a FALSE!
+ * being not logged in as administrator, or without the 'access site updates'
+ * permission, you will need to modify the access check statement below. Change
+ * the FALSE to a TRUE to disable the access check. After finishing the upgrade,
+ * be sure to open this file again and change the TRUE back to a FALSE!
 */
 $update_free_access = FALSE;
Index: update.php
===================================================================
RCS file: /cvs/drupal/drupal/update.php,v
retrieving revision 1.282
diff -u -r1.282 update.php
--- update.php 12 May 2009 08:37:44 -0000 1.282
+++ update.php 12 May 2009 14:24:15 -0000
@@ -13,9 +13,10 @@
 * Point your browser to "http://www.example.com/update.php" and follow the
 * instructions.
 *
- * If you are not logged in as administrator, you will need to modify the access
- * check statement inside your settings.php file. After finishing the upgrade,
- * be sure to open settings.php again, and change it back to its original state!
+ * If you are not logged in as administrator or do not have the 'access site
+ * updates' permission, you will need to modify the access check statement
+ * inside your settings.php file. After finishing the upgrade, be sure to open
+ * settings.php again, and change it back to its original state!
 */
 /**
@@ -434,13 +435,15 @@
 }
 function update_access_denied_page() {
+ drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
 drupal_set_title('Access denied');
- return '

Access denied. You are not authorized to access this page. Please log in as the admin user (the first user you created). If you cannot log in, you will have to edit settings.php to bypass this access check. To do this:

+ return '

Access denied. You are not authorized to access this page. Please grant your user the Execute site updates permission, or log in as the admin user (the first user you created). If you cannot log in, you will have to edit settings.php to bypass this access check. To do this:

  1. With a text editor find the settings.php file on your system. From the main Drupal directory that you installed all the files into, go to sites/your_site_name if such directory exists, or else to sites/default which applies otherwise.
  2. There is a line inside your settings.php file that says $update_free_access = FALSE;. Change it to $update_free_access = TRUE;.
  3. As soon as the update.php script is done, you must change the settings.php file back to its original form with $update_free_access = FALSE;.
  4. -
  5. To avoid having this problem in future, remember to log in to your website as the admin user (the user you first created) before you backup your database at the beginning of the update process.
  6. +
  7. To avoid having this problem in future, remember to log in to your website as a user with the Administer site updates permission, or as the admin user (the user you first created) before you backup your database at the beginning of the update process.
'; }
@@ -728,7 +731,7 @@
 // Determine if the current user has access to run update.php.
 drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION);
-$update_access_allowed = !empty($update_free_access) || $user->uid == 1;
+$update_access_allowed = !empty($update_free_access) || user_access('administer site updates');
 // Only allow the requirements check to proceed if the current user has access
 // to run updates (since it may expose sensitive information about the site's
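Review bot: The replacement line in the `@@ -728,7 +731,7 @@` hunk calls `user_access()` right after `drupal_bootstrap(DRUPAL_BOOTSTRAP_SESSION)`, and nothing visible here loads user.module first; if it is not loaded at that bootstrap phase, the access check would stop with an undefined-function error instead of evaluating. Consider loading it explicitly before the check, e.g. `drupal_load('module', 'user');`, and confirm the permission lookup still works on a database that is waiting for the pending updates. The `watchdog()` call added to `update_access_denied_page()` in the `@@ -434,13 +435,15 @@` hunk deserves the same check, since it presumably runs in the same reduced bootstrap. The surrounding statements continue outside the hunk.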