Postgres Pro
Downloads
Home   >   mailing lists

Re: [PATCH] Largeobject access controls - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: [PATCH] Largeobject access controls
Date
Msg-id 4A9B5AD1.3090002@ak.jp.nec.com
Whole thread Raw
In response to Re: [PATCH] Largeobject access controls  (KaiGai Kohei <kaigai@kaigai.gr.jp>)
List pgsql-hackers
Tree view 
The attached patch is the revised version of largeobject access controls.

It reverts pg_largeobject system catalog, and adds new pg_largeobject_meta
system catalog to store the owner identifier and its ACLs.

The definition of pg_largeobject_meta:

  #define LargeObjectMetaRelationId  2336

  CATALOG(pg_largeobject_meta,2336)
  {
      Oid         lomowner;       /* OID of the largeobject owner */
      aclitem     lomacl[1];      /* access permissions */
  } FormData_pg_largeobject_meta;

The pg_largeobject system catalog is still used to store data chunks of
largeobjects, and its pg_largeobject.loid is associated with OID of the
pg_largeobject_meta system catalog.

* It also supports case handling in DROP ROLE and REASSIGN/DROP OWNED
  using existing dependency mechanism.
* A new "ALTER LARGE OBJECT <oid> OWNER TO <user>" statement was added.
* Permission checks on creation of largeobjects are dropped. It implicitly
  allows everyone to create a new largeobject.
  (CREATE USER LARGEOBJECT/NOLARGEOBJECT is also dropped.)
* The default ACL allows public to read/write new largeobjects as long as
  owner does not revoke permissions. (MEMO: It might be configurable
  using GUC whether the default allows public to read/write, or not.)

[Performance measurement]
We measured the time to execute \lo_import with two large files (the one
is well compressible, the other is not so) and \lo_export them.
In the result, it seems to me there are no significant regression here.

* Environment
  CPU: Pentium4 3.20GHz
  Mem: 512MB
  Kernel: 2.6.30-6.fc12.i586
  PostgreSQL configuration: all parameters are in default.

* Base PostgreSQL
  - Import/Export an uncompressible file
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Rnd'
  lo_import 16386
  real 132.33
  user 1.01
  sys 5.06
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16386 /dev/null'
  lo_export
  real 77.57
  user 0.79
  sys 3.76

  - Import/Export well compressible file
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Zero'
  lo_import 16387
  real 45.84
  user 0.91
  sys 5.38
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16387 /dev/null'
  lo_export
  real 13.51
  user 0.62
  sys 2.98

* with Largeobject access control patch
  - Import/Export an uncompressible file
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Rnd'
  lo_import 16384
  real 132.49
  user 1.13
  sys 5.10
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16384 /dev/null'
  lo_export
  real 76.14
  user 0.81
  sys 3.63

  - Import/Export well compressible file
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Zero'
  lo_import 16385
  real 44.21
  user 0.91
  sys 5.51
  [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16385 /dev/null'
  lo_export
  real 14.27
  user 0.66
  sys 3.11

Thanks,

[kaigai@saba blob]$ diffstat sepgsql-02-blob-8.5devel-r2272.patch.gz
 doc/src/sgml/ref/allfiles.sgml             |    1
 doc/src/sgml/ref/alter_large_object.sgml   |   75 ++++++++
 doc/src/sgml/ref/grant.sgml                |    8
 doc/src/sgml/ref/revoke.sgml               |    6
 doc/src/sgml/reference.sgml                |    1
 src/backend/catalog/Makefile               |    6
 src/backend/catalog/aclchk.c               |  247 ++++++++++++++++++++++++++
 src/backend/catalog/dependency.c           |   14 +
 src/backend/catalog/pg_largeobject.c       |  270 +++++++++!!!!!!!!!!!!!!!!!!!
 src/backend/catalog/pg_shdepend.c          |    8
 src/backend/commands/alter.c               |    5
 src/backend/commands/comment.c             |   14 !
 src/backend/commands/tablecmds.c           |    1
 src/backend/libpq/be-fsstubs.c             |   49 ++--
 src/backend/parser/gram.y                  |   20 ++
 src/backend/storage/large_object/inv_api.c |  115 +++-----!!!!
 src/backend/tcop/utility.c                 |    3
 src/backend/utils/adt/acl.c                |    5
 src/backend/utils/cache/syscache.c         |   13 +
 src/include/catalog/dependency.h           |    1
 src/include/catalog/indexing.h             |    3
 src/include/catalog/pg_largeobject_meta.h  |   66 +++++++
 src/include/nodes/parsenodes.h             |    1
 src/include/utils/acl.h                    |    6
 src/include/utils/syscache.h               |    1
 src/test/regress/expected/privileges.out   |  162 +++++++++++++++++
 src/test/regress/expected/sanity_check.out |    3
 src/test/regress/sql/privileges.sql        |   65 ++++++
 28 files changed, 859 insertions(+), 73 deletions(-), 237 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
Attachment

pgsql-hackers by date:

Previous
From: Stefan Kaltenbrunner
Date:
Subject: Re: LWLock Queue Jumping
Next
From: Heikki Linnakangas
Date:
Subject: Re: hot standby - further cleanup of recovery procs stuff