Skip site navigation (1) Skip section navigation (2)

Re: ACLs versus ALTER OWNER

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
Cc: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>,PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: ACLs versus ALTER OWNER
Date: 2004-06-02 13:38:12
Message-ID: 23662.1086183492@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
> I think we need a proper 'effective user' facility.

> At the moment, there's breakage if a super user creates a language, then 
> drops their superuser privs, then the dump cannot be restored.

The problem here is not with pg_dump; the problem is that dropping
privileges doesn't cascade to dropping objects that are dependent on
those privileges.  AFAICS the SQL spec requires us to be able to do
the latter.  If we're gonna invest work on fixing this, we ought to do
what the spec tells us to, not invent warts on the security model.
Tossing in expedient concepts like "effective user" is a great recipe
for creating unfixable security holes.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2004-06-02 13:52:28
Subject: Re: Nested transactions and tuple header info
Previous:From: Tom LaneDate: 2004-06-02 13:33:53
Subject: Re: ACLs versus ALTER OWNER

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group