On Mon, 25 Aug 2025 09:29:15 -0500
Nathan Bossart <nathandbossart@gmail.com> wrote:
> On Mon, Aug 25, 2025 at 10:30:32AM +0900, Yugo Nagata wrote:
> > The documentation fix looks good to me. However, it’s not very user-friendly that,
> > when the user lacks the required privileges, an error from the internal query is
> > raised. Instead, how about checking whether the user has the necessary privileges
> > and printing an appropriate message if any privilege is missing?
>
> Thanks for taking a look. I appreciate your suggestion, but I'm finding
> myself leaning -1 for a couple of reasons:
>
> * There's no precedent for this in vacuumdb. In fact, if the user
> specifies a nonexistent table, we return the error from the internal
> query, and if the user lacks privileges to VACUUM or ANALYZE a table, we
> let the command emit a WARNING and skip it. Intentionally or not, we
> seem to let the server do most of the work when it comes to this sort of
> thing. vacuumdb is just responsible for building and sending the
> commands.
>
> * I'm a little worried that warning about SELECT privileges on these
> catalogs will encourage people to grant privileges on them, which we
> probably don't want them to do. My proposed documentation note already
> carries some risk of this, but it at least specifically calls out that
> superusers should have the necessary privileges.
>
> * While probably rare, checking the privileges beforehand introduces race
> conditions that would cause the internal query error, anyway. I think
> there are already a few such race conditions already (e.g., if the table
> is dropped between the catalog query and the VACUUM or ANALYZE command),
> which AFAICT we just live with, but I'm wary of pressing our luck too
> much in this area.
Thank you for the clarification. I understand your points now,
so I'll withdraw my proposal.
Regards,
Yugo Nagata
--
Yugo Nagata <nagata@sraoss.co.jp>
