Обсуждение: pgsql: adjust ACL owners for REASSIGN and ALTER OWNER TO

Поиск
Список
Период
Сортировка

pgsql: adjust ACL owners for REASSIGN and ALTER OWNER TO

От
Bruce Momjian
Дата:
adjust ACL owners for REASSIGN and ALTER OWNER TO

When REASSIGN and ALTER OWNER TO are used, both the object owner and ACL
list should be changed from the old owner to the new owner. This patch
fixes types, foreign data wrappers, and foreign servers to change their
ACL list properly;  they already changed owners properly.

BACKWARD INCOMPATIBILITY?

Report by Alexey Bashtanov

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/59367fdf97cc1875b053ebf87cd1e071dc7f3640

Modified Files
--------------
src/backend/commands/foreigncmds.c         |   56 ++++++++++++++-
src/backend/commands/typecmds.c            |   65 ++++++++++++++---
src/test/regress/expected/foreign_data.out |  104 ++++++++++++++--------------
3 files changed, 161 insertions(+), 64 deletions(-)

Re: pgsql: adjust ACL owners for REASSIGN and ALTER OWNER TO

От
Alvaro Herrera
Дата:
Bruce Momjian wrote:
> adjust ACL owners for REASSIGN and ALTER OWNER TO
>
> When REASSIGN and ALTER OWNER TO are used, both the object owner and ACL
> list should be changed from the old owner to the new owner. This patch
> fixes types, foreign data wrappers, and foreign servers to change their
> ACL list properly;  they already changed owners properly.

Isn't this a backpatchable bug fix?

--
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Re: pgsql: adjust ACL owners for REASSIGN and ALTER OWNER TO

От
Bruce Momjian
Дата:
On Thu, Jan 22, 2015 at 02:54:51PM -0300, Alvaro Herrera wrote:
> Bruce Momjian wrote:
> > adjust ACL owners for REASSIGN and ALTER OWNER TO
> >
> > When REASSIGN and ALTER OWNER TO are used, both the object owner and ACL
> > list should be changed from the old owner to the new owner. This patch
> > fixes types, foreign data wrappers, and foreign servers to change their
> > ACL list properly;  they already changed owners properly.
>
> Isn't this a backpatchable bug fix?

Uh, I don't think so as it changes _security_ behavior that people might
be relying on.  The issue is that you might be expecting to keep the
same permissions on the old owner and your script might just add the new
owner ACL, while the patch removes the old owner's ACL and adds the new
user to be consistent with other types.

My big question is whether this change is something we would mention as
backward incompatible in the 9.5 release notes.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +