Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check

On 27 January 2017 at 12:56, Dave Page <dpage@pgadmin.org> wrote:

> Probably the most common complaint I get from users
> regarding the management & monitoring tools I work on is that they
> have to use superuser accounts to get the full benefits, unlike other
> DBMSs where you can create a role with just the required privileges
> (or indeed, other DBMSs that ship with such roles pre-defined for
> convenience).

This is still just the Adminpack argument. This has been going on for
about a decade? Longer.

If the monitoring tool requires superuser then that is a problem, so
it would be helpful if it didn't do that, please. Not much use having
a cool tool if it don't work with the server.

The management and monitoring tool could be more specific about what
it actually needs, rather than simply requesting generic read and
write against the filesystem. Then we can put those specific things
into the server and we can all be happy. Again, a detailed list would
help here.

Does the latest version of pgadmin provide access to log files? I
can't see much that really needs Adminpack anymore, though I've not
done a thorough analysis at all.

-- 
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services