Skip site navigation (1) Skip section navigation (2)

drop user bug ?

From: Jerome ALET <alet(at)unice(dot)fr>
To: pgsql-bugs(at)postgresql(dot)org
Cc: alet(at)unice(dot)fr
Subject: drop user bug ?
Date: 2000-02-23 09:21:00
Message-ID: Pine.LNX.3.96.1000223100507.7506A-100000@cortex.unice.fr (view raw or flat)
Thread:
Lists: pgsql-bugs
Hi,

I suppose the following is a bug, but it's not a coding one, just a 
bug in the way postgresql works, or maybe it's only a feature I don't
understand (if that's the case I sincerely apologize) :

I use postgresql 6.5.3 under Linux 2.0.35 + libc 5.3.12, but I suppose
this doesn't matter:

vroum=> CREATE USER john;
CREATE USER
vroum=> GRANT SELECT,UPDATE ON couleur TO john;
CHANGE
vroum=> \z
Database    = vroum
 +------------------+------------------------------+
 | Relation         | Grant/Revoke Permissions     |
 +------------------+------------------------------+
 | couleur          | {"=","uvroum=arwR","john=rw"} |

vroum=> DROP USER john;
DROP USER
vroum=> \z
Database    = vroum
 +------------------+------------------------------+
 | Relation         | Grant/Revoke Permissions     |
 +------------------+------------------------------+
 | couleur          | {"=","uvroum=arwR","2001=rw"} |

the grant revoke permissions weren't updated !

So I try to update them manually:

vroum=> REVOKE ALL ON couleur FROM "2001";
ERROR:  aclparse: non-existent user "2001"
vroum=> REVOKE ALL ON couleur FROM 2001;
ERROR:  parser: parse error at or near "2001"
vroum=>

this seems impossible without manually updating some system tables, which
I haven't tried.

IMHO the DROP USER should have updated all Grant/Revoke permissions.

another bug IMHO is that if I do this (CREATE USER, GRANT, DROP USER) 2
times with 2 different user names, then the same userid (2001) is used.

I think the userid shouldn't be reused, especially because of the above
mentionned problem which could very well cause security problems (not
tested).

Jerome ALET - alet(at)unice(dot)fr - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30 
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE


Responses

pgsql-bugs by date

Next:From: Peter EisentrautDate: 2000-02-23 13:48:13
Subject: Re: [BUGS] drop user bug ?
Previous:From: infoDate: 2000-02-22 10:06:30
Subject: Paper catalogues in HTML on the Internet

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group