Home > mailing lists

CREATEROLE, CREATEDB - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	CREATEROLE, CREATEDB
Date	June 5, 2007 14:05:09
Msg-id	200706051604.44929.peter_e@gmx.net Whole thread Raw
Responses	Re: CREATEROLE, CREATEDB (Bernd Helmle <mailings@oopsware.de>) Re: CREATEROLE, CREATEDB (Chander Ganesan <chander@otg-nc.com>)
List	pgsql-hackers

Tree view

Is it correct that a user with CREATEROLE privilege but without CREATEDB 
privilege can create a user with *CREATEDB* privilege, thus bypassing his 
original restrictions?  This sequence doesn't look right:

pei=# create user foo1 createrole;
CREATE ROLE
pei=# \c - foo1
You are now connected to database "pei" as user "foo1".
pei=> create database test;
ERROR:  permission denied to create database
pei=> create user foo2 createdb;
CREATE ROLE
pei=> \c - foo2
You are now connected to database "pei" as user "foo2".
pei=> create database test;
CREATE DATABASE

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-hackers by date:

From: Andrew Dunstan
Date: 05 June 2007, 13:56:57
Subject: Re: [HACHERS] privilege check: column level only?

From: "Merlin Moncure"
Date: 05 June 2007, 14:45:45
Subject: Re: libpq and Binary Data Formats

CREATEROLE, CREATEDB - Mailing list pgsql-hackers

Previous

Next