pgsql: Add default roles for file/program access
From | Stephen Frost |
---|---|
Subject | pgsql: Add default roles for file/program access |
Date | |
Msg-id | E1f4WOg-0007jI-Gx@gemulon.postgresql.org |
List | pgsql-committers |
Add default roles for file/program access

This patch adds new default roles named 'pg_read_server_files', 'pg_write_server_files', 'pg_execute_server_program' which allow an administrator to GRANT to a non-superuser role the ability to access server-side files or run programs through PostgreSQL (as the user the database is running as). Having one of these roles allows a non-superuser to use server-side COPY to read, write, or with a program, and to use file_fdw (if installed by a superuser and GRANT'd USAGE on it) to read from files or run a program.

The existing misc file functions are also changed to allow a user with the 'pg_read_server_files' default role to read any files on the filesystem, matching the privileges given to that role through COPY and file_fdw from above.

Reviewed-By: Michael Paquier
Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/0fdc8495bff02684142a44ab3bc5b18a8ca1863a

Modified Files
--------------
contrib/file_fdw/file_fdw.c | 51 +++++++++++++++++++++------------
contrib/file_fdw/output/file_fdw.source | 2 +-
doc/src/sgml/file-fdw.sgml | 8 ++++--
doc/src/sgml/func.sgml | 27 +++++++++++------
doc/src/sgml/ref/copy.sgml | 8 ++++--
doc/src/sgml/user-manag.sgml | 28 +++++++++++++++++-
src/backend/commands/copy.c | 46 ++++++++++++++++++++---------
src/backend/utils/adt/genfile.c | 16 +++++++++++
src/include/catalog/pg_authid.h | 6 ++++
9 files changed, 145 insertions(+), 47 deletions(-)
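An added example, not part of the commit or the PostgreSQL source: granting one of the new default roles to a non-superuser, then auditing every role that holds any of the three, directly or through nested membership, since membership amounts to file or program access as the server's OS user. The role name `app_loader` is a constructed placeholder, and the server is assumed to include this commit.

```sql
-- Added example. app_loader is a constructed placeholder role.

-- Delegate only the read capability instead of making the role a superuser.
CREATE ROLE app_loader LOGIN;
GRANT pg_read_server_files TO app_loader;

-- Audit: who holds the file/program default roles, and through which grant.
-- pg_auth_members stores direct memberships only, so walk it recursively
-- to catch roles that reach a default role via intermediate group roles.
WITH RECURSIVE holders AS (
    SELECT m.member,
           m.roleid      AS through_role,
           r.rolname     AS default_role,
           1             AS hops
    FROM pg_auth_members m
    JOIN pg_roles r ON r.oid = m.roleid
    WHERE r.rolname IN ('pg_read_server_files',
                        'pg_write_server_files',
                        'pg_execute_server_program')
  UNION ALL
    SELECT m.member,
           m.roleid,
           h.default_role,
           h.hops + 1
    FROM pg_auth_members m
    JOIN holders h ON m.roleid = h.member
)
SELECT h.default_role,
       g.rolname   AS grantee,
       t.rolname   AS granted_through,
       h.hops,
       g.rolcanlogin,
       g.rolinherit          -- false: grantee must SET ROLE to use the privilege
FROM holders h
JOIN pg_roles g ON g.oid = h.member
JOIN pg_roles t ON t.oid = h.through_role
ORDER BY h.default_role, h.hops, g.rolname;

-- Withdraw the capability when it is no longer needed.
REVOKE pg_read_server_files FROM app_loader;
```

Superusers do not appear in this result because they bypass membership checks; list them separately with `SELECT rolname FROM pg_roles WHERE rolsuper`.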