Re: pg_cancel_backend by non-superuser
| От | Torello Querci |
|---|---|
| Тема | Re: pg_cancel_backend by non-superuser |
| Дата | |
| Msg-id | CA+igE6TbTX5d1EkaGY01G3VnyydLf0e5BDdWG=n4HpTEnkYUUQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pg_cancel_backend by non-superuser (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
2011/10/1 Tom Lane <tgl@sss.pgh.pa.us>: > Daniel Farina <daniel@heroku.com> writes: >> This patch would appear(?) to have languished: >> https://commitfest.postgresql.org/action/patch_view?id=541 > >> I'd really like to see it included. In the last comments of the >> review, there seem to be problems in *terminate* backend, but even >> just pg_cancel_backend as non-superuser would be just a huge >> improvement. What are the things blocking non-superuser >> pg_cancel_backend from being accepted? > > I think the reason the patch stalled is that we have not got consensus > on how far to extend the conditions under which these operations should > be allowed. For instance, in the last comment attached to that > commitfest entry, Noah alleges that a non-superuser database owner > should be allowed to kill a superuser's session, if it's connected > to his database. My reaction to that is somewhere between "no" and > "hell no"; IMO superusers can mess up non-superusers, never vice versa. > If I recall the discussion correctly, there were other points of > contention too. > Hi, the original patch allow only for the DB Owner to kill sessions owner by other users. This because in real world I have some production database where I'm not the DBA, but only the DB owner. I think that is not a good idea that a normal users is able to kill session from the same user because, unfortunally, in some real environment there are a lots of application that need to access to the same database and the same user is used. I know that is not a good practise but it is on the field .... For this reason I suppose that allow only to DB onwer to kill other sessions it is a good compromize between functionality and security, but is my personal opinion ... > I don't think we need more coding right now ... we need somebody to > write a spec that everyone can agree to. > > ISTM it would be reasonably non-controversial to allow users to issue > pg_cancel_backend against other sessions logged in as the same userID. > The question is whether to go further than that, and if so how much. > > regards, tom lane > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers >
В списке pgsql-hackers по дате отправления: