Skip site navigation (1) Skip section navigation (2)

CREATEROLE, CREATEDB

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: CREATEROLE, CREATEDB
Date: 2007-06-05 14:04:44
Message-ID: 200706051604.44929.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Is it correct that a user with CREATEROLE privilege but without CREATEDB 
privilege can create a user with *CREATEDB* privilege, thus bypassing his 
original restrictions?  This sequence doesn't look right:

pei=# create user foo1 createrole;
CREATE ROLE
pei=# \c - foo1
You are now connected to database "pei" as user "foo1".
pei=> create database test;
ERROR:  permission denied to create database
pei=> create user foo2 createdb;
CREATE ROLE
pei=> \c - foo2
You are now connected to database "pei" as user "foo2".
pei=> create database test;
CREATE DATABASE

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

Responses

pgsql-hackers by date

Next:From: Merlin MoncureDate: 2007-06-05 14:45:35
Subject: Re: libpq and Binary Data Formats
Previous:From: Andrew DunstanDate: 2007-06-05 13:56:45
Subject: Re: [HACHERS] privilege check: column level only?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group