Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail
Дата
Msg-id CAKFQuwa3Zx4J-rRAi6sptkpOV0miY0bHfLGDH=+oZoLPU6Rjfw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail  ("David G. Johnston" <david.g.johnston@gmail.com>)
Ответы Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail  ("David G. Johnston" <david.g.johnston@gmail.com>)
Список pgsql-bugs
On Mon, Jul 11, 2016 at 8:05 PM, David G. Johnston <
david.g.johnston@gmail.com> wrote:

> On Mon, Jul 11, 2016 at 7:36 PM, Andrew Gierth <
> andrew@tao11.riddles.org.uk> wrote:
>
>>  Tom> If the named role is the same as the actual role, then it's
>>  Tom> useless.  If they're different, it seems at best confusing.  In
>>  Tom> the context of ALTER DATABASE SET, it seems both confusing and
>>  Tom> possibly a security hazard.
>>
>> It _appears_ to silently fail if the user logging in is not actually a
>> member of the specified role. I have not looked at the code.
>>
>
> =E2=80=8BWARNING:\s\spermission denied to set role "grouprole"
>
>
=E2=80=8BFun times...
[up-thread commands still in effect]
ALTER DATABASE postgres SET ROLE loginrole2;
psql -U loginrole postgres
WARNING:  permission denied to set role "grouprole"
WARNING:  permission denied to set role "loginrole2"
postgres=3D>

Note the code comment at about: =E2=80=8Bsrc/backend/commands/user.c@478-47=
9

"
Although it will work to say
=E2=80=8B =E2=80=8B
ALTER ROLE role ROLE rolenames", we don't document it.
=E2=80=8B"

While that's good to know the specific syntax in the comment is invalid on
its face.  It also doesn't say "why" we don't document it nor why it needs
to be accepted.  I'd say at this point the why is immaterial though.

I'm still in favor of documenting both commands and reducing our parental
involvement here.

In light of the above double-warning I'm concerned that "precedence" isn't
happening correctly here - but that could be an implementation artifact
(the more specific combination is executed second so that it ends up
overriding any settings attempted to be set by the less specific
=E2=80=8Bconfiguration).  In this case, though, the failed attempt to set t=
he
db+role setting would have resulted in the role setting taking effect if it
was valid.  I don't recall us making this distinction clear in the
documentation.

Tangentially, I'm not sure what, if anything, to do with 18.1 given this
knowledge.  18.1 was written assuming that the GUC variation of these
commands cannot fail and thus it is safe to execute the DATABASE version
followed by a ROLE specific version followed by a DATABASE+ROLE version.
This seems correct on its face and as I said up-thread this whole ROLE
business isn't really a configuration variable even though it is
shoe-horned into that infrastructure.=E2=80=8B  I'm inclined to leave well =
enough
alone.

David J.

В списке pgsql-bugs по дате отправления:

Предыдущее
От: "David G. Johnston"
Дата:
Сообщение: Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail
Следующее
От: "David G. Johnston"
Дата:
Сообщение: Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail