Re: About "ERROR: must be *superuser* to COPY to or from a file"

Greg Stark <gsstark@mit.edu> writes:

> Douglas McNaught <doug@mcnaught.org> writes:
>
>> You can use \copy in 'psql' on the client side, but you have to be a
>> superuser to do COPY on the server side, for security reasons.
>
> I wonder if there's any way to relax this constraint.
>
> If you're connected via a unix domain socket we can know the UID of the client
> end. I don't see reproducing the entire unix semantics but if file is owned by
> the same uid as the user connecting it seems like it ought to be safe.

That's an interesting point.  You'd have to make sure you weren't
following a user-owned symlink to a 'postgres'-owned file, but that's
doable.

Of course that method only applies to a subset of PG users, and
completely excludes the Windows side.  It might also conflict with
security policies that forbid PG from reading and writing outside its
own data directory.

-Doug