Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a file

From Martijn van Oosterhout
Subject Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a file
Msg-id 20050819085544.GA6226@svana.org
In reply to Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a file  (Bernard <bht@actrix.gen.nz>)
List pgsql-general
On Fri, Aug 19, 2005 at 05:49:06PM +1200, Bernard wrote:
> If the owner of an application owning the connections trusts the
> application and gets the postgres superuser to grant it the right to
> read from files, then it is obviously acceptable to the owner of the
> application and to the postgres superuser. There is no doubt about
> that and the owner of the application is not concerned with 3rd party
> acceptability. This would be a solution even if Postgres system files
> were totally exposed. Better than nothing.

I think what people are trying to tell you is that "permission to read
server files" == "superuser". If the postgres superuser grants you
permission to read server files, they then have access to all files in
all databases in the server, i.e. they are superuser. You know, read
passwords, see ident mappings, etc...

So in your case, what's the problem with making your user a superuser,
it's not like you're limited to just one.

Finally, as someone pointed out, you can create a function to execute
the copy as a superuser and let your normal user call it.

No need to open up the whole system just to solve something that a five
line function will do just as well.
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
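
The function approach mentioned in the message above, sketched as an added example that is not part of the original email or of PostgreSQL itself. It assumes a current PostgreSQL release, and every object name in it (`import_orders`, `staging.orders`, `app_user`, `/srv/pg_import`) is hypothetical. The wrapper runs with its owner's rights, so it fixes the target table and the directory instead of accepting an arbitrary path, which would hand the caller the same file access the message warns about.

```sql
-- Run as a superuser. All names below are hypothetical placeholders.
BEGIN;

CREATE FUNCTION import_orders(p_filename text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER                        -- executes with the owner's (superuser) rights
SET search_path = pg_catalog, pg_temp   -- caller cannot shadow objects via search_path
AS $fn$
BEGIN
    -- Accept a bare file name only: no slashes, no "..", fixed extension.
    IF p_filename IS NULL OR p_filename !~ '^[A-Za-z0-9_-]+\.csv$' THEN
        RAISE EXCEPTION 'invalid import file name: %', p_filename;
    END IF;

    -- COPY takes no bind parameters, so build the statement dynamically;
    -- %L quotes the path as a SQL literal. Table and directory are fixed.
    EXECUTE format(
        'COPY staging.orders FROM %L WITH (FORMAT csv, HEADER true)',
        '/srv/pg_import/' || p_filename
    );
END;
$fn$;

-- Functions are executable by PUBLIC by default; restrict to the one role.
REVOKE ALL ON FUNCTION import_orders(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION import_orders(text) TO app_user;

COMMIT;

-- Called by the non-superuser role:
--   SELECT import_orders('orders_2005_08_19.csv');
```

Creating the function and revoking the default `PUBLIC` execute privilege in one transaction leaves no window in which any role can call it.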
