Обсуждение: who can view pg_stat_activity?
Good morning,
--
We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?
Thank you for your time.
Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
www.fb.com/DominionDealerSolutions
www.twitter.com/DominionDealer
www.drivedominion.com
Hi Mark Steben,
There is no superuser required to view pg_stat_activity, a normal user can also view or access.
On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <mark.steben@drivedominion.com> wrote:
Good morning,We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?Thank you for your time.--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/
DominionDealerSolutions
www.twitter.com/DominionDealer
www.drivedominion.com
Thank you for your prompt answer Shreeyansh
I granted all privileges to the pg_stat_activity view to the newmail account and still get this result when trying to access:
select * from pg_stat_activity limit 4;
datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | waiting | state | backend_xid | backend_xmin | query
-------+------------------+-------+----------+---------+------------------+-------------+-----------------+-------------+---------------+------------+-------------+--------------+---------+-------+-------------+--------------+--------------------------
16459 | prime_production | 6133 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>
16459 | prime_production | 57677 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>
16459 | prime_production | 5806 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>
16459 | prime_production | 17532 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>
On Wed, Feb 7, 2018 at 12:17 PM, Shreeyansh Dba <shreeyansh2014@gmail.com> wrote:
Hi Mark Steben,There is no superuser required to view pg_stat_activity, a normal user can also view or access.On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <mark.steben@drivedominion.com> wrote: Good morning,We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?Thank you for your time.--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/DominionDealerSolut
ions
www.twitter.com/DominionDealer
www.drivedominion.com
Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
www.fb.com/DominionDealerSolutions
www.twitter.com/DominionDealer
www.drivedominion.com
this seems to be a security hole. this means I can see query text for queries that aren't mine. anyone else concerned?
--cnemelka
On Wed, Feb 7, 2018 at 10:17 AM, Shreeyansh Dba <shreeyansh2014@gmail.com> wrote:
Hi Mark Steben,There is no superuser required to view pg_stat_activity, a normal user can also view or access.On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <mark.steben@drivedominion.com> wrote: Good morning,We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?Thank you for your time.--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/DominionDealerSolut
ions
www.twitter.com/DominionDealer
www.drivedominion.com
sweet! :)
--cnemelka
On Wed, Feb 7, 2018 at 10:31 AM, Mark Steben <mark.steben@drivedominion.com> wrote:
Thank you for your prompt answer ShreeyanshI granted all privileges to the pg_stat_activity view to the newmail account and still get this result when trying to access:select * from pg_stat_activity limit 4;datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | waiting | state | backend_xid | backend_xmin | query-------+------------------+-------+----------+---------+---- --------------+-------------+- ----------------+------------- +---------------+------------+ -------------+--------------+- --------+-------+------------- +--------------+-------------- ------------ 16459 | prime_production | 6133 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 57677 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 5806 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 17532 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>On Wed, Feb 7, 2018 at 12:17 PM, Shreeyansh Dba <shreeyansh2014@gmail.com> wrote:Hi Mark Steben,There is no superuser required to view pg_stat_activity, a normal user can also view or access.On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <mark.steben@drivedominion.com> wrote: Good morning,We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?Thank you for your time.--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/DominionDealerSolut
ions
www.twitter.com/DominionDealer
www.drivedominion.com--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/
DominionDealerSolutions
www.twitter.com/DominionDealer
www.drivedominion.com
ok thanks for everyone's response.
On Wed, Feb 7, 2018 at 12:38 PM, Cory Nemelka <cnemelka@gmail.com> wrote:
sweet! :)--cnemelkaOn Wed, Feb 7, 2018 at 10:31 AM, Mark Steben <mark.steben@drivedominion.com> wrote: Thank you for your prompt answer ShreeyanshI granted all privileges to the pg_stat_activity view to the newmail account and still get this result when trying to access:select * from pg_stat_activity limit 4;datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | waiting | state | backend_xid | backend_xmin | query-------+------------------+-------+----------+---------+---- --------------+-------------+- ----------------+------------- +---------------+------------+ -------------+--------------+- --------+-------+------------- +--------------+-------------- ------------ 16459 | prime_production | 6133 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 57677 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 5806 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>16459 | prime_production | 17532 | 16395 | prime | | | | | | | | | | | | | <insufficient privilege>On Wed, Feb 7, 2018 at 12:17 PM, Shreeyansh Dba <shreeyansh2014@gmail.com> wrote:Hi Mark Steben,There is no superuser required to view pg_stat_activity, a normal user can also view or access.On Wed, Feb 7, 2018 at 10:27 PM, Mark Steben <mark.steben@drivedominion.com> wrote: Good morning,We currently run postgres 9.4. The only way to view the pg_stat_activity view that I can see is that you must be a superuser. I couldn't find anything in the documentation to confirm or refute this. Could you please confirm if this is true or if not, what privileges are required?Thank you for your time.--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/DominionDealerSolut
ions
www.twitter.com/DominionDealer
www.drivedominion.com--Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567www.fb.com/DominionDealerSolut
ions
www.twitter.com/DominionDealer
www.drivedominion.com
Mark Steben
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
Database Administrator
@utoRevenue | Autobase
CRM division of Dominion Dealer Solutions
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567
www.fb.com/DominionDealerSolutions
www.twitter.com/DominionDealer
www.drivedominion.com