Re: Add default role 'pg_access_server_files'

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Add default role 'pg_access_server_files'
Date: 2018-03-26 01:43:25
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Michael Paquier (michael(at)paquier(dot)xyz) wrote:
> On Thu, Mar 08, 2018 at 10:15:11AM +0900, Michael Paquier wrote:
> > Other than that the patch looks in pretty good shape to me.
> The regression tests of file_fdw are blowing up because of an error
> string patch 2 changes.

Fixed in the attached.

Does anyone have an opinion regarding the adminpack functions? I was
just reviewing the patch and considering if we should adjust the
privileges there also and it seems like we should. That'd be a pretty
straight-forward change, of course, so unless there's some reason not to
then I'll see about providing an updated patch tomorrow which covers
those functions as well.

Note that it'll be a bit more complicated since we can't just remove the
checks from the existing functions- we'll need to have new functions
where the checks are removed and a new extension version that updates to
the new functions and then REVOKE's access to them. Not a big deal,
just pointing out that it's not quite as straight-forward since it's an
extension and we need to deal with environments where the server's been
upgraded and the .so changed, but the existing functions are still in
place with their current public-execute rights.



Attachment Content-Type Size
add_default_role_access_server_files_v4-master.patch text/x-diff 18.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2018-03-26 02:26:47 Re: Parallel Aggregates for string_agg and array_agg
Previous Message Peter Eisentraut 2018-03-26 01:34:14 Re: file cloning in pg_upgrade and CREATE DATABASE