Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superusercheck

Andres,

* Andres Freund (andres@anarazel.de) wrote:
> On 2017-01-25 18:04:09 -0500, Stephen Frost wrote:
> > Robert's made it clear that he'd like to have a blanket rule that we
> > don't have superuser checks in these code paths if they can be GRANT'd
> > at the database level, which goes beyond pg_ls_dir.
>
> That seems right to me.  I don't see much benefit for the superuser()
> style checks, with a few exceptions.  Granting by default is obviously
> an entirely different question.

Well, for my part at least, I disagree.  Superuser is a very different
animal, imv, than privileges which can be GRANT'd, and I feel that's an
altogether good thing.

> In other words, you're trying to force people to do stuff your preferred
> way, instead of allowing them to get things done is a reasonable manner.

Apparently we disagree about what is a 'reasonable manner'.

Thanks!

Stephen