Skip site navigation (1) Skip section navigation (2)

Re: User rights

From: Nicolas Kowalski <Nicolas(dot)Kowalski(at)imag(dot)fr>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-admin(at)postgresql(dot)org>
Subject: Re: User rights
Date: 2001-06-13 15:56:41
Message-ID: Pine.LNX.4.33.0106131747550.32676-100000@girose.imag.fr (view raw or flat)
Thread:
Lists: pgsql-admin
On Wed, 13 Jun 2001, Tom Lane wrote:

TL> Nicolas Kowalski <Nicolas(dot)Kowalski(at)imag(dot)fr> writes:
TL> > The problem is, if a user tries to authenticate and is not in the
TL> > pg_shadow system table but *is* in the passwd file, the access will
TL> > always fail. If the user appears in the pg_shadow table, no problems.
TL>
TL> If you're not in pg_shadow you are not a postgres user.  Bogus
TL> entries in password files won't help you.

Normal behaviour. Ok, I surrender.


TL>
TL> > By mistake, I deleted a user (me in fact) from the pg_shadow table. I
TL> > was the owner of several tables. As a superuser, I re-created the user,
TL> > with the same information, sysid included. But now, I am unable to
TL> > manage or even do some SELECT on the table I was the owner. I checked
TL> > the relowner field in the pg_class table, and it has the value of my
TL> > sysid...
TL>
TL> Hmm, that should work, if you're sure you got the right sysid.  Also
TL> check to make sure there is only one row in pg_shadow with that sysid.


As superuser :

datavm=# SELECT usename,usesysid from pg_shadow where
usename='kowalski';
 usename  | usesysid
----------+----------
 kowalski |     5519
(1 row)

datavm=# SELECT usename,usesysid from pg_shadow where usesysid='5519';
 usename  | usesysid
----------+----------
 kowalski |     5519
(1 row)



datavm=# SELECT relowner from pg_class where relname='sys_machine';
 relowner
----------
     5519
(1 row)

datavm=# SELECT relowner from pg_class where relname='sys_equipment';
 relowner
----------
     5519
(1 row)



datavm=# \dz
...
sys_machine                | {"=","admin=r"}
...
sys_equipment              |
...




As user kowalski :

datavm=> SELECT * from sys_machine ;
ERROR:  sys_machine: Permission denied.

datavm=> SELECT * from sys_equipment ;
 id  |   description    |  delivery  | ownership | location | invoice_id
| comme
nt
-----+------------------+------------+-----------+----------+------------+------
---
   9 | IMPRIMANTE       | 1996-11-12 | P         | VERIMAG  |
|
   1 | LECTEUR DE BANDE | 1997-07-16 | P         | VERIMAG  |
|
 204 | MAC PORTABLE     | 2000-06-27 | P         | VERIMAG  |

...and so on.



What is wrong ?

Nicolas.



In response to

Responses

pgsql-admin by date

Next:From: David M. RichterDate: 2001-06-13 16:02:31
Subject: IRIX AND POSTGRES 7.1.2
Previous:From: Tom LaneDate: 2001-06-13 14:29:33
Subject: Re: performance issues

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group