| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Remove explicit superuser checks in favor of ACLs |
| Date: | 2018-04-06 18:47:38 |
| Message-ID: | E1f4WOg-0007jG-Gz@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Remove explicit superuser checks in favor of ACLs
This removes the explicit superuser checks in the various file-access
functions in the backend, specifically pg_ls_dir(), pg_read_file(),
pg_read_binary_file(), and pg_stat_file(). Instead, EXECUTE is REVOKE'd
from public for these, meaning that only a superuser is able to run them
by default, but access to them can be GRANT'd to other roles.
Reviewed-By: Michael Paquier
Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e79350fef2917522571add750e3e21af293b50fe
Modified Files
--------------
src/backend/catalog/system_views.sql | 14 ++++++++++++++
src/backend/utils/adt/genfile.c | 20 --------------------
2 files changed, 14 insertions(+), 20 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2018-04-06 19:52:03 | pgsql: Faster partition pruning |
| Previous Message | Robert Haas | 2018-04-06 18:35:42 | Re: pgsql: New files for MERGE |