| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Peter Geoghegan <pg(at)heroku(dot)com>, Kevin Grittner <kgrittn(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Anastasia Lubennikova <a(dot)lubennikova(at)postgrespro(dot)ru> |
| Subject: | Re: amcheck (B-Tree integrity checking tool) |
| Date: | 2017-02-09 19:53:15 |
| Message-ID: | 20170209195315.asb7acfogx7w7cqe@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2017-02-09 14:48:18 -0500, Robert Haas wrote:
> On Thu, Feb 9, 2017 at 3:05 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> >> +#define CHECK_SUPERUSER() { \
> >> + if (!superuser()) \
> >> + ereport(ERROR, \
> >> + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), \
> >> + (errmsg("must be superuser to use verification functions")))); }
> >
> > Please make this either a function or just copy - the macro doesn't buy
> > us anything except weirder looking syntax.
>
> Better yet, remove the check altogether and just revoke access from
> public. Then the default policy is superuser-only, but the DBA can
> grant access to who they wish.
That works for me as well.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-02-09 19:58:09 | Re: \if, \elseif, \else, \endif (was Re: PSQL commands: \quit_if, \quit_unless) |
| Previous Message | Robert Haas | 2017-02-09 19:48:18 | Re: amcheck (B-Tree integrity checking tool) |