Re: [HACKERS] Cannot insert into temp tables

Поиск
Список
Период
Сортировка
От Oliver Elphick
Тема Re: [HACKERS] Cannot insert into temp tables
Дата
Msg-id 199907311726.SAA21548@linda.lfix.co.uk
обсуждение исходный текст
Ответ на Re: [HACKERS] Cannot insert into temp tables  (Bruce Momjian <maillist@candle.pha.pa.us>)
Ответы Re: [HACKERS] Cannot insert into temp tables  (Bruce Momjian <maillist@candle.pha.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
Bruce Momjian wrote:
... >OK, you have good points.  usecatupd should not be set by default.  >Making changes to the system tables can mess
thingsup for everyone.  >Initdb will give the postgres superuser permissions, but now createuser >and the SQL command
CREATEUSER will not give this permission.  Also, I >have fixed the code so temp tables, which are acutally named
pg_temp,>can be updated by normal users without usecatupd permissions. > >Attached is a patch.  I will apply it to the
currenttree.
 

Bruce, this change has some other implications.  I tested
the effect of the patch by altering the rights of my own account (setting
usecatupd to false).  I cannot now create other users: although usesuper is
true, the attempt to update pg_shadow with the new user's row fails:
 olly@linda$ createuser fred Enter user's postgres ID -> 999 Is user "fred" allowed to create databases (y/n) n Is user
"fred"a superuser? (y/n) n ERROR:  pg_shadow: Permission denied. createuser: fred was NOT added successfully
 

so I think your change needs to be extended to allow pg_shadow to be
updated when a user is created; in this case, usesuper should
override usecatupd.

On the other hand, a user with usecreatedb true is able to modify
pg_database outside the context of a create database command.  This also
seems to be undesirable.  I think that create user, alter user and create
database should work even though the user does not have usecatupd, but the
user should be able to change the affected tables only through those
commands and not by direct manipulation, unless he has usecatupd in
addition to other privileges.

I regret that I can only point out these problems rather than provide 
a fix...



--      Vote against SPAM: http://www.politik-digital.de/spam/                ========================================
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver              PGP key from public servers; key
ID32B8FAA1                ========================================    "Have not I commanded thee? Be strong and of a
good     courage; be not afraid, neither be thou dismayed; for      the LORD thy God is with thee whithersoever thou
 goest."                        Joshua 1:9

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Ryan Kirkpatrick
Дата:
Сообщение: Re: [HACKERS] Re: [PORTS] RedHat6.0 & Alpha
Следующее
От: Mike Mascari
Дата:
Сообщение: Re: [HACKERS] IPC Memory problem with Postmaster on BSDi 4.x