Add default role 'pg_access_server_files'

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Add default role 'pg_access_server_files'
Date: 2017-12-31 19:19:39
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


This patch adds a new default role called 'pg_access_server_files' which
allows an administrator to GRANT to a non-superuser role the ability to
access server-side files through PostgreSQL (as the user the database is
running as). By itself, having this role allows a non-superuser to use
server-side COPY and to use file_fdw (if installed by a superuser and
GRANT'd USAGE on it).

Further, this patch moves the privilege check for the remaining misc
file functions from explicit superuser checks to the GRANT system,
similar to what's done for pg_ls_logdir() and others. Lastly, these
functions are changed to allow a user with the 'pg_access_server_files'
role to be able to access files outside of the PG data directory.

This follows on and continues what was recently done with the
lo_import/export functions. There's other superuser checks to replace
with grant'able default roles, but those probably make more sense as
independent patches. I continue to be of the opinion that it'd be nice
to have more fine-grained control over these functions to limit the
access granted, but nothing here prevents that from being done and this
at least allows some movement away from having to have roles with
superuser access.



Attachment Content-Type Size
add_default_role_access_server_files_v1-master.patch text/x-diff 13.6 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Geoghegan 2017-12-31 19:27:24 Re: Contributing with code
Previous Message David G. Johnston 2017-12-31 19:02:49 Re: TODO list (was Re: Contributing with code)