| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Frank van Vugt <ftm(dot)van(dot)vugt(at)foxi(dot)nl> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: intentional or oversight? pg_dump -c does not restore default priviliges on schema public |
| Date: | 2017-02-11 22:06:17 |
| Message-ID: | 20170211220617.GG9812@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Greetings,
* Frank van Vugt (ftm(dot)van(dot)vugt(at)foxi(dot)nl) wrote:
> I noticed the following and wondered whether this is intentional or an
> oversight in pg_dump's '-c' option?
>
> The clean option causes the public schema to be dropped and recreated, but
> this is done with the default schema priviliges, which are not the same as the
> ones assigned during create database:
Interesting. The reason this happens is that the privileges for the
public schema aren't dumped when they are the same as what you would get
from a default install in 9.6+, but using -c will end up dropping and
recreating it, which, as you note, will end up having different
privileges than the default install because they'll be the regular
default privilegs of "nothing" for schemas.
This is happening just for the public schema due to how it's handled in
a special way in pg_dump_archive.c:_printTocEntry(). This only impacts
ACLs because those are the only things which are different for the
public schema vs. it's initdb settings (there's no SECURITY LABEL, for
example, on the initdb'd public schema).
Due to how the public schema is (and always has been) handled in this
special way, this is a bug which needs to be fixed by having the default
ACLs for the public schema included in the dump output if -c is being
used.
I'm not seeing a very simple answer for this, unfortunately. I'm
thinking we're going to need to pull the public schema's permissions
differently if we're in clean mode (by comparing to the default schema
privileges) vs. when we're not (in which case we should be comparing to
*public*'s initdb-time privileges, as we do now). One option would be
to handle that by hacking up buildACLQueries() to take a flag which
basically means "we are dropping the public schema, do not consider its
pg_init_privs settings" but that strikes me as awful grotty. Another
option would be to change getNamespaces() to run a special query
(perhaps as a UNION-ALL combination with the existing query) that is
just to get the info for the 'public' schema (and exclude the 'public'
schema from the first half of the query, of course).
Thanks for the report!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan de Visser | 2017-02-11 22:36:10 | Re: Fwd: Query parameter types not recognized |
| Previous Message | Frank van Vugt | 2017-02-11 21:38:55 | Re: intentional or oversight? pg_dump -c does not restore default priviliges on schema public |