Re: [HACKERS] Cannot insert into temp tables
| От | Oliver Elphick |
|---|---|
| Тема | Re: [HACKERS] Cannot insert into temp tables |
| Дата | |
| Msg-id | 199907311726.SAA21548@linda.lfix.co.uk обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Cannot insert into temp tables (Bruce Momjian <maillist@candle.pha.pa.us>) |
| Ответы |
Re: [HACKERS] Cannot insert into temp tables
|
| Список | pgsql-hackers |
Bruce Momjian wrote: ... >OK, you have good points. usecatupd should not be set by default. >Making changes to the system tables can mess thingsup for everyone. >Initdb will give the postgres superuser permissions, but now createuser >and the SQL command CREATEUSER will not give this permission. Also, I >have fixed the code so temp tables, which are acutally named pg_temp,>can be updated by normal users without usecatupd permissions. > >Attached is a patch. I will apply it to the currenttree. Bruce, this change has some other implications. I tested the effect of the patch by altering the rights of my own account (setting usecatupd to false). I cannot now create other users: although usesuper is true, the attempt to update pg_shadow with the new user's row fails: olly@linda$ createuser fred Enter user's postgres ID -> 999 Is user "fred" allowed to create databases (y/n) n Is user "fred"a superuser? (y/n) n ERROR: pg_shadow: Permission denied. createuser: fred was NOT added successfully so I think your change needs to be extended to allow pg_shadow to be updated when a user is created; in this case, usesuper should override usecatupd. On the other hand, a user with usecreatedb true is able to modify pg_database outside the context of a create database command. This also seems to be undesirable. I think that create user, alter user and create database should work even though the user does not have usecatupd, but the user should be able to change the affected tables only through those commands and not by direct manipulation, unless he has usecatupd in addition to other privileges. I regret that I can only point out these problems rather than provide a fix... -- Vote against SPAM: http://www.politik-digital.de/spam/ ======================================== Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP key from public servers; key ID32B8FAA1 ======================================== "Have not I commanded thee? Be strong and of a good courage; be not afraid, neither be thou dismayed; for the LORD thy God is with thee whithersoever thou goest." Joshua 1:9
В списке pgsql-hackers по дате отправления: