On Mon, Oct 25, 2021 at 12:40 PM Michael Paquier <michael@paquier.xyz> wrote:
>
> On Sun, Oct 24, 2021 at 08:31:37PM -0700, Jeff Davis wrote:
> > The current patch doesn't allow members of pg_signal_backend to rotate
> > the log file.
> >
> > Do you think pg_signal_backend is the wrong group to allow usage of
> > pg_log_backend_memory_contexts()? Alternatively, it could simply not
> > GRANT anything, and leave that up to the administrator to choose who
> > can use it.
>
> Hmm. Why don't you split the patch into two parts that can be
> discussed separately then? There would be one to remove all the
> superuser() checks you can think of, and a potential second to grant
> those function's execution to some system role.
IMO, in this thread we can focus on remvong the
pg_log_backend_memory_contexts()'s superuser() check and +1 to start a
separate thread to remove superuser() checks for the other functions
and REVOKE the permissions in appropriate places, for system functins
system_functions.sql files, for extension functions, the extension
installation .sql files. See [1] and [2].
[1] - https://www.postgresql.org/message-id/CALj2ACUhCFSUQmZhiQ%2Bw1kZdJGmhNP2cd1LZS4GVGowyjiqftQ%40mail.gmail.com
[2] - https://www.postgresql.org/message-id/CAOuzzgpp0dmOFjWC4JDvk57ZQGm8umCrFdR1at4b80xuF0XChw%40mail.gmail.com
Regards,
Bharath Rupireddy.