Обсуждение: BUG #16795: Can't give "grant execute on pg_start_backup to .."
The following bug has been logged on the website:
Bug reference: 16795
Logged by: Ken
Email address: ken.karma@gmail.com
PostgreSQL version: 13.1
Operating system: CentOS Linux release 7.9.2009
Description:
I'm want to make backup user who haven't SUPERUSER, but have "Replication"
role what must be enough, in document:
25.3.3.1. Making a Non-Exclusive Low-Level Backup
A non-exclusive low level backup is one that allows other concurrent backups
to be running (both those started using the same backup API and those
started using pg_basebackup).
Ensure that WAL archiving is enabled and working.
Connect to the server (it does not matter which database) as a user with
rights to run pg_start_backup (superuser, or a user who has been granted
EXECUTE on the function) and issue the command:
SELECT pg_start_backup('label', false, false);
But I can't give this grant:
psql -U postgres
psql (13.1)
Type "help" for help.
postgres=# create role backup replication login;
CREATE ROLE
postgres=# grant pg_read_all_settings to backup ;
GRANT ROLE
postgres=# grant SELECT on pg_start_backup to backup ;
ERROR: relation "pg_start_backup" does not exist
postgres=# grant EXECUTE on pg_catalog.pg_start_backup to backup ;
ERROR: relation "pg_catalog.pg_start_backup" does not exist
postgres=# grant SELECT on pg_catalog.pg_start_backup to backup ;
ERROR: relation "pg_catalog.pg_start_backup" does not exist
postgres=# select pg_start_backup('Daily backup');
pg_start_backup
-----------------
0/10000028
(1 row)
postgres=# \df pg_start_backup ;
List of functions
Schema | Name | Result data type |
Argument data types | Type
------------+-----------------+------------------+------------------------------------------------------------------------+------
pg_catalog | pg_start_backup | pg_lsn | label text, fast boolean
DEFAULT false, exclusive boolean DEFAULT true | func
(1 row)
[root@host.test.mta ~]# psql -U backup postgres
psql (13.1)
Type "help" for help.
postgres=> select pg_start_backup('Daily backup');
ERROR: permission denied for function pg_start_backup
postgres=> \du+
List of roles
Role name | Attributes |
Member of | Description
-----------+------------------------------------------------------------+------------------------+-------------
backup | Replication |
{pg_read_all_settings} |
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
|
In PostrgreSQL log:
2020-12-28 19:20:07.696 EET postgres postgres [10076]ERROR: relation
"pg_catalog.pg_start_backup" does not exist
2020-12-28 19:20:07.696 EET postgres postgres [10076]STATEMENT: grant
EXECUTE on pg_catalog.pg_start_backup to backup ;
2020-12-28 19:21:48.853 EET postgres postgres [10076]ERROR: relation
"pg_catalog.pg_start_backup" does not exist
2020-12-28 19:21:48.853 EET postgres postgres [10076]STATEMENT: grant
SELECT on pg_catalog.pg_start_backup to backup ;
2020-12-28 20:18:30.281 EET postgres backup [12482]ERROR: permission denied
for function pg_start_backup
2020-12-28 20:18:30.281 EET postgres backup [12482]STATEMENT: select
pg_start_backup('Daily backup');
Do I miss something, why can't I give execute on pg_start_backup to user
backup?
PG Bug reporting form <noreply@postgresql.org> writes:
> postgres=# grant EXECUTE on pg_catalog.pg_start_backup to backup ;
> ERROR: relation "pg_catalog.pg_start_backup" does not exist
pg_start_backup is a function not a table. Try
grant execute on function pg_start_backup to backup;
(In versions before PG10 you'd need to specify the function's
arguments too. Newer versions allow this shortcut as long as there's
only one function by that name.)
regards, tom lane
Hi, Thank You Tom!
This is true, sorry for the wrong bug reporting.
Best regards,
Ken K
28.12.20 22:48 Tom Lane kirjutas:
grant execute on function pg_start_backup to backup;