Add default role 'pg_access_server_files' - Mailing list pgsql-hackers

From Stephen Frost
Subject Add default role 'pg_access_server_files'
Date
Msg-id 20171231191939.GR2416@tamriel.snowman.net
Whole thread Raw
Responses Re: Add default role 'pg_access_server_files'
Re: Add default role 'pg_access_server_files'
List pgsql-hackers
Greetings,

This patch adds a new default role called 'pg_access_server_files' which
allows an administrator to GRANT to a non-superuser role the ability to
access server-side files through PostgreSQL (as the user the database is
running as).  By itself, having this role allows a non-superuser to use
server-side COPY and to use file_fdw (if installed by a superuser and
GRANT'd USAGE on it).

Further, this patch moves the privilege check for the remaining misc
file functions from explicit superuser checks to the GRANT system,
similar to what's done for pg_ls_logdir() and others.  Lastly, these
functions are changed to allow a user with the 'pg_access_server_files'
role to be able to access files outside of the PG data directory.

This follows on and continues what was recently done with the
lo_import/export functions.  There's other superuser checks to replace
with grant'able default roles, but those probably make more sense as
independent patches.  I continue to be of the opinion that it'd be nice
to have more fine-grained control over these functions to limit the
access granted, but nothing here prevents that from being done and this
at least allows some movement away from having to have roles with
superuser access.

Thanks!

Stephen

Attachment

pgsql-hackers by date:

Previous
From: "David G. Johnston"
Date:
Subject: Re: TODO list (was Re: Contributing with code)
Next
From: Peter Geoghegan
Date:
Subject: Re: Contributing with code