Re: [HACKERS] Odd problem with pg_class ...
От | Ricardo Coelho |
---|---|
Тема | Re: [HACKERS] Odd problem with pg_class ... |
Дата | |
Msg-id | 00a001bef561$1ec03b60$03fafdc8@px.com.br обсуждение исходный текст |
Ответ на | Re: [HACKERS] Odd problem with pg_class ... (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-hackers |
This problem was reported in 08/17/1999 by me and 08/30/1999 by D Herssein. No answer received. Both are attached. ---------------- E-mail 08/17 ----------------------------------------------------------- Hi All, Two weeks ago somebody had reported that drop user don't remove rights from relacl field of pg_class. This problem is more serious if you delete a group from pg_group without remoking rigths before. It causes backend terminates abnormally. Maybe interesting for others!! Could anybody include DENY sql command in TODO list. My problem is: A group have rigths to access some table. I include a new user in this group, but for three months he will not have rights to access this table. So, if the new user have no rigths, he will get rights from his group. I think it would be enough DENY command (deny all on sometable from newuser) includes something like "NEWUSER=" in relacl field. Just more one question: Aclitem type have the following rigths: =arwR (insert, select, update/delete, create rule, I suppose). How could I grant update and revoke delete permissions on a table ? Best Regards, Ricardo Coelho. ---------------------------------------------------------------------------- --------------------- -------------- E-mail 08/30 ------------------------------------------------------------------- Hi Denny, I solved this problem (backend crashes when we delete a group without revoking privileges) adding the group again with the same grosysid, revoking all privileges on all tables and deleting this group. Best Regards, Ricardo Coelho. ----- Original Message ----- From: D Herssein <denny@namsi.com> To: Ricardo Coelho <rcoelho@px.com.br> Sent: Monday, August 30, 1999 1:03 PM Subject: HELP Re: pg_group, etc.. > I just read your post AFTER I sent the HELP request to the group. > I must have deleted the group/user in the wrong order while playing with > the db trying to learn how to gran group access to users. > How do I get myself back to normal? > > > -- > Life is complicated. But the simpler alternatives are not very > desirable. (R' A. Kahn) > ---------------------------------------------------------------------------- ------------------- ----- Original Message ----- From: Tom Lane <tgl@sss.pgh.pa.us> To: The Hermit Hacker <scrappy@hub.org> Cc: <pgsql-hackers@postgreSQL.org> Sent: Thursday, September 02, 1999 12:03 PM Subject: Re: [HACKERS] Odd problem with pg_class ... > The Hermit Hacker <scrappy@hub.org> writes: > > NOTICE: get_groname: group 0 not found > > pqReadData() -- backend closed the channel unexpectedly. > > get_groname returns NULL on failure, and it looks like aclitemout > in backend/utils/adt/acl.c isn't checking for that. Probably > aclitemout ought to produce the decimal equivalent of the group ID > if no name is available. Compare what it does in the UID case just > above. > > BTW, the ifdef'd out elog(NOTICE) in the UID case could be re-enabled > now, because I fixed the FE/BE protocol problem with NOTICEs generated > by type conversion routines... > > regards, tom lane > > ************ > >
В списке pgsql-hackers по дате отправления: