Skip site navigation (1) Skip section navigation (2)

BUG #1830: Non-super-user must be able to copy from a file

From: "Bernard" <bht(at)actrix(dot)gen(dot)nz>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #1830: Non-super-user must be able to copy from a file
Date: 2005-08-17 08:22:16
Message-ID: 20050817082216.8E7BAF0C12@svr2.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-general
The following bug has been logged online:

Bug reference:      1830
Logged by:          Bernard
Email address:      bht(at)actrix(dot)gen(dot)nz
PostgreSQL version: 8.0.3
Operating system:   Linux RedHat 9
Description:        Non-super-user must be able to copy from a file
Details: 

On the attempt to bulk load a table from a file that is owned by the
non-superuser current database user, the following error message is
printed:

"must be superuser to COPY to or from a file"

What is the reason for this limitation?

It can't justifiably be for security reasons because if a web application
such as tomcat requires to bulk load tables automatically on a regular basis
then one would be forced to let the web application connect as superuser,
which is very bad for security.

In MySQL bulk loading works for all users.

We need a Postgresql solution.

We have a web application where both MySQL and Postresql are supported. With
Postgresql, the application would have to connect as user postgres. We have
to explain this security risk to our clients very clearly.

Responses

pgsql-bugs by date

Next:From: Bruno Wolff IIIDate: 2005-08-17 11:51:12
Subject: Re: BUG #1830: Non-super-user must be able to copy from a file
Previous:From: Lee Hyun soonDate: 2005-08-17 08:13:28
Subject: BUG #1829: pgsql odbc & ADO.NET(modify)

pgsql-general by date

Next:From: Aliomar Mariano RegoDate: 2005-08-17 08:24:00
Subject: Set autocommit to off
Previous:From: Junaili LieDate: 2005-08-17 05:43:11
Subject: Re: table clustering brings joy

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group