Skip site navigation (1) Skip section navigation (2)

Re: system administration functions with hardcoded superuser checks

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: system administration functions with hardcoded superuser checks
Date: 2013-01-15 14:25:40
Message-ID: 50F566E4.6080708@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackers
On 12/18/12 12:09 PM, Peter Eisentraut wrote:
> There are some system administration functions that have hardcoded
> superuser checks, specifically:
> 
> pg_reload_conf
> pg_rotate_logfile
> pg_read_file
> pg_read_file_all
> pg_read_binary_file
> pg_read_binary_file_all
> pg_stat_file
> pg_ls_dir
> 
> Some of these are useful in monitoring or maintenance tools, and the
> hardcoded superuser checks require that these tools run with maximum
> privileges.  Couldn't we just install these functions without default
> privileges and allow users to grant privileges as necessary?

This is still being debated, but just for the heck of it, here is a
patch for how this implementation would look like.


Attachment: pg-func-superuser-checks.patch
Description: text/plain (3.0 KB)

In response to

Responses

pgsql-hackers by date

Next:From: Jan WieckDate: 2013-01-15 14:43:04
Subject: Re: strange OOM errors with EXECUTE in PL/pgSQL
Previous:From: Alvaro HerreraDate: 2013-01-15 14:21:05
Subject: Re: recent ALTER whatever .. SET SCHEMA refactoring

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group