Обсуждение: User names cannot contain `-'
I have a bug reported on the Debian package of 6.3.2:
> videotapes=> grant all on tapes to www-data;
> ERROR: aclparse: non-existent user "www"
It is, in fact, impossible to create the user www-data:
template1=> create user www-data;
ERROR: parser: parse error at or near "-"
template1=> create user 'www-data';
ERROR: parser: parse error at or near "'"
So there are two problems:
1. The error message
`ERROR: aclparse: non-existent user "www"'
is incorrect. The parser should actually object to the `-' character; it
appears to be silently dropping the `-data'.
2. The range of possible user names is not the same as the range of possible
Unix login names. However, the manual pages do not define what characters
are valid. The SQL standard is silent on this point; it simply regards
the current user name as an identifier supplied by the system. On the
other hand, it is clear that PostgreSQL regards a user name as an SQL
identifier, so that there is no distinction of case and no punctuation
characters are allowed.
Is it possible to make the parser accept the full range of Unix login names,
including some punctuation characters and upper- and lower-case letters?
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP key from public servers; key ID 32B8FAA1
========================================
Come to me, all you who labour and are heavily laden, and I will
give you rest. Take my yoke upon you, and learn from me; for I am
meek and lowly in heart, and you shall find rest for your souls.
For my yoke is easy and my burden is light. (Matthew 11: 28-30)
> > I have a bug reported on the Debian package of 6.3.2: > > > videotapes=> grant all on tapes to www-data; > > ERROR: aclparse: non-existent user "www" > > It is, in fact, impossible to create the user www-data: > > template1=> create user www-data; > ERROR: parser: parse error at or near "-" > template1=> create user 'www-data'; > ERROR: parser: parse error at or near "'" > > So there are two problems: > > 1. The error message > > `ERROR: aclparse: non-existent user "www"' > > is incorrect. The parser should actually object to the `-' character; it > appears to be silently dropping the `-data'. > > 2. The range of possible user names is not the same as the range of possible > Unix login names. However, the manual pages do not define what characters > are valid. The SQL standard is silent on this point; it simply regards > the current user name as an identifier supplied by the system. On the > other hand, it is clear that PostgreSQL regards a user name as an SQL > identifier, so that there is no distinction of case and no punctuation > characters are allowed. We allow undercores, but not dashes. -- Bruce Momjian | 830 Blythe Avenue maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026 + If your life is a hard drive, | (610) 353-9879(w) + Christ can be your backup. | (610) 853-3000(h)
"Oliver Elphick" <olly@lfix.co.uk> writes:
> I have a bug reported on the Debian package of 6.3.2:
>
> > videotapes=> grant all on tapes to www-data;
> > ERROR: aclparse: non-existent user "www"
>
> It is, in fact, impossible to create the user www-data:
>
> template1=> create user www-data;
> ERROR: parser: parse error at or near "-"
> template1=> create user 'www-data';
> ERROR: parser: parse error at or near "'"
I believe createuser program did that for me (either that or it was
preinstalled; I don't recall.) I did not issue a direct SQL command
to do it, so I think it is likely that createuser did it.
In any case:
template1=> select usename, usesysid, valuntil from pg_shadow;
usename |usesysid|valuntil
--------+--------+----------------------------
postgres| 31|Sat Jan 31 00:00:00 2037 CST
www-data| 33|Sat Jan 31 00:00:00 2037 CST
jgoerzen| 1000|Sat Jan 31 00:00:00 2037 CST
(3 rows)
--
John Goerzen Linux, Unix programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
``You'll notice that this scanner, Bill [Gates]...'' <Blue Screen of Death>
``Whoa!'' <Applause> ``Moving right along....'' -- Microsoft (Comdex
video at: http://cnn.com/TECH/computing/9804/20/gates.comdex/index.html
On 27 Apr 1998, John Goerzen wrote:
> "Oliver Elphick" <olly@lfix.co.uk> writes:
>
> > I have a bug reported on the Debian package of 6.3.2:
> >
> > > videotapes=> grant all on tapes to www-data;
> > > ERROR: aclparse: non-existent user "www"
> >
> > It is, in fact, impossible to create the user www-data:
> >
> > template1=> create user www-data;
> > ERROR: parser: parse error at or near "-"
> > template1=> create user 'www-data';
> > ERROR: parser: parse error at or near "'"
>
> I believe createuser program did that for me (either that or it was
> preinstalled; I don't recall.) I did not issue a direct SQL command
> to do it, so I think it is likely that createuser did it.
>
> In any case:
>
>
> template1=> select usename, usesysid, valuntil from pg_shadow;
> usename |usesysid|valuntil
> --------+--------+----------------------------
> postgres| 31|Sat Jan 31 00:00:00 2037 CST
> www-data| 33|Sat Jan 31 00:00:00 2037 CST
> jgoerzen| 1000|Sat Jan 31 00:00:00 2037 CST
> (3 rows)
This might have already been gone over, but if this was an upgrade
from a previous release, its possible that this was created with a
'dump/reload'?
The Hermit Hacker wrote: >> template1=> select usename, usesysid, valuntil from pg_shadow; >> usename |usesysid|valuntil >> --------+--------+---------------------------- >> postgres| 31|Sat Jan 31 00:00:00 2037 CST >> www-data| 33|Sat Jan 31 00:00:00 2037 CST >... > > This might have already been gone over, but if this was an upgrade >from a previous release, its possible that this was created with a >'dump/reload'? Createuser does not use the CREATE USER command. It updates the system tables directly. This enables it to be used to specify a user id, which CREATE USER does not allow. However, it also allows inconsistencies to arise, as here. So createuser can put in user names that CREATE USER cannot and that GRANT does not recognise. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP key from public servers; key ID 32B8FAA1 ======================================== Come to me, all you who labour and are heavily laden, and I will give you rest. Take my yoke upon you, and learn from me; for I am meek and lowly in heart, and you shall find rest for your souls. For my yoke is easy and my burden is light. (Matthew 11: 28-30)