| From: | L Bayuk <lbayuk(at)pobox(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | 8.2.0 upgrade issue: loss of CONNECT rights |
| Date: | 2006-12-28 00:45:46 |
| Message-ID: | 20061228004546.GB364@mail.mindspring.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Another thing to watch out for when upgrading to 8.2.0:
I had some 8.1.x databases with restricted rights, like REVOKE CREATE ON
DATABASE. After pg_dumpall and reload into 8.2.0, I lost CONNECT rights on
those databases. So only the superuser account can connect. The reason
seems to be that my dump file had REVOKE ALL ON DATABASE, then added the
specific GRANT rights. At 8.2.0, REVOKE ALL includes revoking CONNECT
rights even though they were always granted at 8.1.5.
For example, here are my database rights under 8.1.5:
{postgres=CT/postgres,=T/postgres,lbayuk=C/postgres}
So public has TEMP, I have CREATE (and TEMP, via public).
My dump file had something like this:
CREATE DATABASE test WITH ...
REVOKE ALL ON DATABASE test FROM PUBLIC;
REVOKE ALL ON DATABASE test FROM postgres;
GRANT ALL ON DATABASE test TO postgres;
GRANT TEMPORARY ON DATABASE test TO PUBLIC;
GRANT CREATE ON DATABASE test TO lbayuk;
After the upgrade to 8.2.0 the database rights are:
{postgres=CTc/postgres,=T/postgres,lbayuk=C/postgres}
So now me and PUBLIC cannot connect because we don't have the new 'c' right.
I tried using both 8.1.5 pg_dumpall and 8.2.0 pg_dumpall to dump the
8.1.5 database, and both had the problem.
To fix: GRANT CONNECT ON DATABASE ... TO PUBLIC;
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-12-28 01:26:42 | Re: 8.2.0 upgrade issue: loss of CONNECT rights |
| Previous Message | L Bayuk | 2006-12-28 00:43:28 | 8.2.0 upgrade issue: postmaster -S |