Re: pg_restore and permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE>, pgsql-admin(at)postgresql(dot)org
Subject: Re: pg_restore and permissions
Date: 2002-04-25 17:20:36
Message-ID: 3181.1019755236@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> That should work.

No, it won't because the pg_dumpall script will try to connect as each
user who owns objects in the database. With ident authorization in
force, the DB rejects these connection requests as falsified.

SET SESSION AUTHORIZATION should have been used instead, but I doubt
Florian has any convenient way to re-do the dump file with that option.

I do not think there is any way to restore such scripts except by
temporarily suspending auth checking for local connections. (If you
feel too paranoid to do that, you might consider tightening access
permissions on the socket file instead.)

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Florian Weimer 2002-04-25 17:26:01 Re: pg_restore and permissions
Previous Message Mike Castle 2002-04-25 16:57:25 Re: Hardware needed for 15,000,000 record DB?