Re: BUG #1830: Non-super-user must be able to copy from a file

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Bernard <bht(at)actrix(dot)gen(dot)nz>
Cc: pgsql-bugs(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org
Subject: Re: BUG #1830: Non-super-user must be able to copy from a file
Date: 2005-08-17 11:51:12
Message-ID: 20050817115112.GA26038@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-general

On Wed, Aug 17, 2005 at 09:22:16 +0100,
Bernard <bht(at)actrix(dot)gen(dot)nz> wrote:
>
> The following bug has been logged online:

This isn't a bug and you really should have asked this question on
another list. I am moving the discussion over to the general list.

>
> Bug reference: 1830
> Logged by: Bernard
> Email address: bht(at)actrix(dot)gen(dot)nz
> PostgreSQL version: 8.0.3
> Operating system: Linux RedHat 9
> Description: Non-super-user must be able to copy from a file
> Details:
>
> On the attempt to bulk load a table from a file that is owned by the
> non-superuser current database user, the following error message is
> printed:
>
> "must be superuser to COPY to or from a file"
>
> What is the reason for this limitation?

This is described in the documentation for the copy command.

>
> It can't justifiably be for security reasons because if a web application
> such as tomcat requires to bulk load tables automatically on a regular basis
> then one would be forced to let the web application connect as superuser,
> which is very bad for security.

No, because you can have the app read the file and then pass the data to
the copy command. To do this you use STDIN as the file name.

>
> In MySQL bulk loading works for all users.

You can use the \copy command in psql to load data from files.

>
> We need a Postgresql solution.
>
> We have a web application where both MySQL and Postresql are supported. With
> Postgresql, the application would have to connect as user postgres. We have
> to explain this security risk to our clients very clearly.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Greg Sabino Mullane 2005-08-17 19:52:54 BUG #1831: plperl gives error after reconnect.
Previous Message Bernard 2005-08-17 08:22:16 BUG #1830: Non-super-user must be able to copy from a file

Browse pgsql-general by date

  From Date Subject
Next Message Sean Davis 2005-08-17 12:18:22 Re: Set autocommit to off
Previous Message Dawid Kuroczko 2005-08-17 11:05:07 Re: cobol storedprocedures