On Thu, 4 Nov 1999 postgres@taifun.interface-business.de wrote:
> > CREATE USER sql command updates the file, but an UPDATE on pg_shadow
> > does not.
>
> IMHO, that's a bug:
> It's not forbidden to update or insert into pg_shadow by rule, but if
> I do that I will get inconsistent authentication data.
> Why not revoke INSERT and UPDATE on pg_shadow?
That way the postgres superuser (the one that would ideally be
adding/removing users) can still access it. Access control doesn't apply
to table owners. And I'm not even sure if the CREATE USER command doesn't
depend on the insert privilege existing (vs the create user privilege of
the one that's executing it). It's not all that clear.
> Or better:
> Why not use a trigger on pg_shadow, to handle pg_pwd correctly?
> The trigger code is allways in "create/alter user" command handler.
I was thinking about some sort of internal hook that sees any access to
pg_shadow and redirects it to a file. Don't even have the table anymore.
Sort of like /dev/* devices are handled by the kernel.
I was going about looking into this a little, but since I have never
played with the backend I cannot promise a result in finite time.
-Peter
--
Peter Eisentraut Sernanders vaeg 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden