Re: [HACKERS] Postgres acl

>
> I believe I found a bug. If a user other than the postgres superuser is
> given permission to create databases, then he should be able to destroy
> the databases he creates. Currently he can't, at least in version 6.2.1
> complied for SunOS 5.5. Only the poostgres superuser can delete
> databases. If otherusers try they get the following error message:
>
> "WARN:pg_database: Permission denied.
> destroydb: database destroy failed on tmpdb."
>
> eventhough this user is the database admin for tmpdb as shown in the
> pd_database table.
>
>

Here is the fix.  This bug has been around for a while:

---------------------------------------------------------------------------

*** ./aclchk.c.orig    Tue Jan  6 00:10:25 1998
--- ./aclchk.c    Tue Jan  6 00:18:40 1998
***************
*** 410,416 ****
           * pg_database table, there is still additional permissions
           * checking in dbcommands.c
           */
!         if (mode & ACL_AP)
              return ACLCHECK_OK;
      }

--- 410,416 ----
           * pg_database table, there is still additional permissions
           * checking in dbcommands.c
           */
!         if ((mode & ACL_WR) || (mode & ACL_AP))
              return ACLCHECK_OK;
      }



--
Bruce Momjian
maillist@candle.pha.pa.us