Re: pg_read_server_files doesn't let me use pg_ls_dir() or pg_read_file?

At Tue, 14 Mar 2023 20:33:10 +0100, hubert depesz lubaczewski <depesz(at)depesz(dot)com> wrote in
> Hi,
> Tested it now on built today Pg 16devel, straight from repo.
>
> In docs (https://www.postgresql.org/docs/current/functions-admin.html#FUNCTIONS-ADMIN-GENFILE), I found:
> > The functions shown in Table 9.99 provide native access to files on
> > the machine hosting the server. Only files within the database cluster
> > directory and the log_directory can be accessed, unless the user is
> > a superuser or is granted the role pg_read_server_files. Use
> > a relative path for files in the cluster directory, and a path
> > matching the log_directory configuration setting for log files.
>
> which I understand that if I'll grant pg_read_server_files to some user,
> then this user should be able to use the generic file access functions.

> $ select * from pg_ls_dir('.');
> ERROR: permission denied for function pg_ls_dir

"GRANT EXECUTE ON FUNCTION pg_ls_dir(text) TO test" might work for you.

The doc section you are referring to also describes that on a
per-function basis like this.

> This function is restricted to superusers by default, but other
> users can be granted EXECUTE to run the function.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center