Skip site navigation (1) Skip section navigation (2)


From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Claudio Freire <klaussfreire(at)gmail(dot)com>
Cc: Simon Riggs <simon(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,PostgreSQL-Dev <pgsql-hackers(at)postgresql(dot)org>
Date: 2013-01-14 16:24:52
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
* Claudio Freire (klaussfreire(at)gmail(dot)com) wrote:
> On Mon, Jan 14, 2013 at 1:01 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > I do like the idea of a generalized answer which just runs a
> > user-provided command on the server but that's always going to require
> > superuser privileges.
> Unless it's one of a set of superuser-authorized compression tools.

Which would require a new ACL system for handling that, as I mentioned..
That certainly isn't what the existing patch does.

What would that look like?  How would it operate?  How would a user
invoke it or even know what options are available?  Would we provide
anything by default?  It's great to consider that possibility but
there's a lot of details involved.

I'm a bit nervous about having a generalized system which can run
anything on the system when called by a superuser but when called by a
regular user we're on the hook to verify the request against a
superuser-provided list and to then make sure nothing goes wrong.



In response to

pgsql-hackers by date

Next:From: Amit kapilaDate: 2013-01-14 16:27:33
Subject: Re: Proposal for Allow postgresql.conf values to be changed via SQL [review]
Previous:From: Peter GeogheganDate: 2013-01-14 16:19:42
Subject: Re: Timing events WIP v1

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group