Re: BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files

From David G. Johnston
Subject Re: BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files
Date
Msg-id CAKFQuwYyGB11h7oEUp8pbgnCGzWpaa9Z+NEKZ5xk_4qrCMdyyQ@mail.gmail.com
In reply to BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files  (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs
On Saturday, September 8, 2018, PG Bug reporting form <noreply@postgresql.org> wrote:

> 1, execute "CREATE USER mytestuser WITH PASSWORD '12345678'  CREATEDB
> CREATEROLE;" use a super user;

So, reading the create role docs this seems to be working as designed.

“Be careful with the CREATEROLE privilege. There is no concept of inheritance for the privileges of a CREATEROLE-role. That means that even if a role does not have a certain privilege but is allowed to create other roles, it can easily create another role with different privileges than its own (except for creating roles with superuser privileges)”

David J.
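
An audit sketch for the behaviour discussed in this message, added here as an example and not part of the original e-mail or of PostgreSQL's own code. It assumes a server that has the pg_read_server_files predefined role and a session that can read pg_roles and pg_auth_members; mytestuser is the role name from the report.

```sql
-- 1. Non-superuser roles that hold CREATEROLE. Per the documentation quoted
--    above, each of these can create roles with privileges it lacks itself,
--    so treat them as highly privileged when reviewing access.
SELECT rolname, rolcreatedb, rolcanlogin
FROM pg_roles
WHERE rolcreaterole AND NOT rolsuper
ORDER BY rolname;

-- 2. Every role that is a member of pg_read_server_files, directly or through
--    a chain of role memberships, with the recorded grantor of each link.
--    A grantor that has CREATEROLE but is not a superuser is the pattern
--    described in the bug report.
WITH RECURSIVE holders AS (
    SELECT am.member, am.grantor, 1 AS depth
    FROM pg_auth_members am
    JOIN pg_roles r ON r.oid = am.roleid
    WHERE r.rolname = 'pg_read_server_files'
  UNION
    SELECT am.member, am.grantor, h.depth + 1
    FROM pg_auth_members am
    JOIN holders h ON am.roleid = h.member
)
SELECT m.rolname       AS member,
       m.rolinherit    AS member_inherits,   -- false: must SET ROLE to use it
       h.depth         AS membership_depth,
       g.rolname       AS granted_by,
       g.rolsuper      AS grantor_is_superuser,
       g.rolcreaterole AS grantor_has_createrole
FROM holders h
JOIN pg_roles m      ON m.oid = h.member
LEFT JOIN pg_roles g ON g.oid = h.grantor
ORDER BY h.depth, m.rolname;

-- 3. Mitigation for the role created in the report: drop the CREATEROLE
--    attribute if the role has no need to manage other roles.
ALTER ROLE mytestuser NOCREATEROLE;
```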
