Home > mailing lists

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: system administration functions with hardcoded superuser checks
Date	January 15, 2013 17:25:43
Msg-id	50F566E4.6080708@gmx.net Whole thread Raw
In response to	system administration functions with hardcoded superuser checks (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: system administration functions with hardcoded superuser checks
List	pgsql-hackers

Tree view

On 12/18/12 12:09 PM, Peter Eisentraut wrote:
> There are some system administration functions that have hardcoded
> superuser checks, specifically:
>
> pg_reload_conf
> pg_rotate_logfile
> pg_read_file
> pg_read_file_all
> pg_read_binary_file
> pg_read_binary_file_all
> pg_stat_file
> pg_ls_dir
>
> Some of these are useful in monitoring or maintenance tools, and the
> hardcoded superuser checks require that these tools run with maximum
> privileges.  Couldn't we just install these functions without default
> privileges and allow users to grant privileges as necessary?

This is still being debated, but just for the heck of it, here is a
patch for how this implementation would look like.

Attachment

pg-func-superuser-checks.patch

pgsql-hackers by date:

From: Alvaro Herrera
Date: 15 January 2013, 17:21:12
Subject: Re: recent ALTER whatever .. SET SCHEMA refactoring

From: Jan Wieck
Date: 15 January 2013, 17:43:17
Subject: Re: strange OOM errors with EXECUTE in PL/pgSQL

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

Attachment

Previous

Next