From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Daniel Farina <daniel(at)heroku(dot)com>
Subject: Re: pg_cancel_backend by non-superuser
Daniel Farina <daniel(at)heroku(dot)com> writes:
> This patch would appear(?) to have languished:
> I'd really like to see it included. In the last comments of the
> review, there seem to be problems in *terminate* backend, but even
> just pg_cancel_backend as non-superuser would be just a huge
> improvement. What are the things blocking non-superuser
> pg_cancel_backend from being accepted?

I think the reason the patch stalled is that we have not got consensus
on how far to extend the conditions under which these operations should
be allowed. For instance, in the last comment attached to that
commitfest entry, Noah alleges that a non-superuser database owner
should be allowed to kill a superuser's session, if it's connected
to his database. My reaction to that is somewhere between "no" and
"hell no"; IMO superusers can mess up non-superusers, never vice versa.
If I recall the discussion correctly, there were other points of

I don't think we need more coding right now ... we need somebody to
write a spec that everyone can agree to.

ISTM it would be reasonably non-controversial to allow users to issue
pg_cancel_backend against other sessions logged in as the same userID.
The question is whether to go further than that, and if so how much.

regards, tom lane