| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Brad Nicholson" <bradn(at)ca(dot)ibm(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: PG13 Trusted Extension usability issue |
| Date: | 2020-06-26 21:06:01 |
| Message-ID: | 30665.1593205561@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Brad Nicholson" <bradn(at)ca(dot)ibm(dot)com> writes:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote on 2020/06/26 02:47:25 PM:
>> I'm confused about your point here. postgresql_fdw has intentionally
>> *not* been marked trusted. That's partly because it doesn't seem like
>> outside-the-database access is something we want to allow by default,
>> but it's also the case that there are inside-the-database permissions
>> issues.
> Ah - I misread the docs. Specifically I read this:
> "For many extensions this means superuser privileges are needed. However,
> if the extension is marked trusted in its control file, then it can be
> installed by any user who has CREATE privilege on the current database"
> To mean that you could mark any extension as trusted in the control file to
> allow non-superuser installation.
Well, it's just like anything else in an open-source database: you can
change the code however you want, but the fallout from that is on you.
In the case at hand, you might be able to do what you want by adding
something along the line of
GRANT USAGE ON FOREIGN DATA WRAPPER postgres_fdw
TO @extowner@ WITH GRANT OPTION;
to the extension install script. But nobody's researched whether that's
reasonable from a security standpoint, or whether it will play nicely
with dump/reload, etc etc.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2020-06-26 21:46:17 | Re: BUG #16513: Postgresql HA Cluster |
| Previous Message | Gabe Kopley | 2020-06-26 19:13:17 | Re: Interpreting autovacuum logs (9.6) |