From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | David Sauer <davids(at)orfinet(dot)cz> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] drop user doesn't remove rights from tables ... |
Date: | 1999-07-07 18:32:17 |
Message-ID: | 199907071832.OAA05876@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> david=> create user sss;
> CREATE USER
> david=> select * from pg_shadow;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd|valuntil
> --------+--------+-----------+--------+--------+---------+------+----------------------------
> postgres| 502|t |t |t |t | |Sat Jan 31 07:00:00 2037 CET
> david | 501|t |t |t |t | |
> sss | 503|f |t |f |t | |
> (3 rows)
>
> david=> create table test ( i int );
> CREATE
> david=> grant all on test to sss;
> CHANGE
> david=> \z test
> Database = david
> +----------+--------------------------+
> | Relation | Grant/Revoke Permissions |
> +----------+--------------------------+
> | test | {"=","sss=arwR"} |
> +----------+--------------------------+
> david=> drop user sss;
> DROP USER
> david=> \z test
> Database = david
> +----------+--------------------------+
> | Relation | Grant/Revoke Permissions |
> +----------+--------------------------+
> | test | {"=","503=arwR"} |
> +----------+--------------------------+
>
>
> All rights for user 'sss' remains there (but now identified by
> id=503). I'am not sure, if this is error, but it is dangerous.
> ('createuser' with id=503 will grant all rights to new user)
This has been pointed out before. Not sure how to deal with it.
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 1999-07-07 18:55:34 | Re: [HACKERS] Broken select on regular expression !!! |
Previous Message | Bruce Momjian | 1999-07-07 18:25:26 | Re: [HACKERS] Broken select on regular expression !!! |