| From: | "unrestricted_area" <unrestricted_area(at)yahoo(dot)com> |
|---|---|
| To: | <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | drop group command does not remove group information in table access permission. |
| Date: | 2001-11-20 08:44:24 |
| Message-ID: | 003b01c1719f$8f35efe0$fa00a8c0@motetech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi.
I came across the following problem on PostgreSQL 7.1.3 running on
i686-pc-linux-gnu, compiled by GCC 2.96.
When we grant table access permission to a group and delete the group before
revoking all access permission to the table, the access permission for the
group will be "stuck" and cannot be removed from the table. There is a need
to recreate the group before deletion of table access permission is allowed.
The scenario is that if a group is used for accessing sensitive information
and later removed, the group sysid will be assigned to the next group
created and the newly created group will have access to those sensiitive
information (which may not be exactly what we want).
I've looked around for information and found none pertaining to this issue.
There seems to be no tools for examining existing bug reports (is there?) so
apologies if this has been reported or solved. Admittedly, I have not tested
this with version 7.2 beta but please do look into this.
Thanks.
testdb=# create table table1 ( index varchar );
CREATE
testdb=# \z
Access permissions for database "testdb"
Relation | Access permissions
-------------------------+----------------------------------------------
table1 |
(1 row)
testdb=# CREATE GROUP "somegroup" WITH SYSID 2 USER "pgadmin", "william";
CREATE GROUP
testdb=# grant all on table1 to group somegroup;
CHANGE
testdb=# \z
Access permissions for database "testdb"
Relation | Access permissions
-------------------------+----------------------------------------------
table1 | {"=","postgres=arwR","group somegroup=arwR"}
(1 row)
testdb=# drop group somegroup;
DROP GROUP
testdb=# \z
Access permissions for database "testdb"
Relation | Access permissions
-------------------------+----------------------------------------------
table1 | {"=","postgres=arwR","group 2=arwR"}
(1 row)
testdb=# revoke all on table1 from group "2";
ERROR: non-existent group "2"
testdb=# revoke all on table1 from group 2;
ERROR: parser: parse error at or near "2"
testdb=#
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashley Cambrell | 2001-11-20 09:44:15 | http://www.ca.postgresql.org/bugs/index.php doesn't work under mozilla |
| Previous Message | Tom Lane | 2001-11-20 00:49:09 | Re: Mac OS X 10.1 build bug - paths with spaces |