Re: User rights

Поиск
Список
Период
Сортировка
От Nicolas Kowalski
Тема Re: User rights
Дата
Msg-id Pine.LNX.4.33.0106131747550.32676-100000@girose.imag.fr
обсуждение исходный текст
Ответ на Re: User rights  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-admin
Дерево обсуждения 
On Wed, 13 Jun 2001, Tom Lane wrote:

TL> Nicolas Kowalski <Nicolas.Kowalski@imag.fr> writes:
TL> > The problem is, if a user tries to authenticate and is not in the
TL> > pg_shadow system table but *is* in the passwd file, the access will
TL> > always fail. If the user appears in the pg_shadow table, no problems.
TL>
TL> If you're not in pg_shadow you are not a postgres user.  Bogus
TL> entries in password files won't help you.

Normal behaviour. Ok, I surrender.


TL>
TL> > By mistake, I deleted a user (me in fact) from the pg_shadow table. I
TL> > was the owner of several tables. As a superuser, I re-created the user,
TL> > with the same information, sysid included. But now, I am unable to
TL> > manage or even do some SELECT on the table I was the owner. I checked
TL> > the relowner field in the pg_class table, and it has the value of my
TL> > sysid...
TL>
TL> Hmm, that should work, if you're sure you got the right sysid.  Also
TL> check to make sure there is only one row in pg_shadow with that sysid.


As superuser :

datavm=# SELECT usename,usesysid from pg_shadow where
usename='kowalski';
 usename  | usesysid
----------+----------
 kowalski |     5519
(1 row)

datavm=# SELECT usename,usesysid from pg_shadow where usesysid='5519';
 usename  | usesysid
----------+----------
 kowalski |     5519
(1 row)



datavm=# SELECT relowner from pg_class where relname='sys_machine';
 relowner
----------
     5519
(1 row)

datavm=# SELECT relowner from pg_class where relname='sys_equipment';
 relowner
----------
     5519
(1 row)



datavm=# \dz
...
sys_machine                | {"=","admin=r"}
...
sys_equipment              |
...




As user kowalski :

datavm=> SELECT * from sys_machine ;
ERROR:  sys_machine: Permission denied.

datavm=> SELECT * from sys_equipment ;
 id  |   description    |  delivery  | ownership | location | invoice_id
| comme
nt
-----+------------------+------------+-----------+----------+------------+------
---
   9 | IMPRIMANTE       | 1996-11-12 | P         | VERIMAG  |
|
   1 | LECTEUR DE BANDE | 1997-07-16 | P         | VERIMAG  |
|
 204 | MAC PORTABLE     | 2000-06-27 | P         | VERIMAG  |

...and so on.



What is wrong ?

Nicolas.

В списке pgsql-admin по дате отправления: