Re: Bogus permissions display in 7.4 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Bogus permissions display in 7.4
Msg-id 7791.1084642640@sss.pgh.pa.us
In response to Re: Bogus permissions display in 7.4  (Fabien COELHO <coelho@cri.ensmp.fr>)
Responses Re: Bogus permissions display in 7.4  (Fabien COELHO <coelho@cri.ensmp.fr>)
List pgsql-hackers
Fabien COELHO <coelho@cri.ensmp.fr> writes:
>> 4. I think that the system ACL entry should be "hidden" and not
>> displayed by ACL-list printing. I'm not quite sure yet how to make
>> that happen.  It would be nicer if the owner ID could be passed to
>> recursive_revoke out-of-band, instead of being represented inside the
>> ACL list, but I don't see how to do that for all its callers.

> (1) It seems to me that part of the consequence of what you suggest
>     could be that there would be no such thing as default acl implied
>     by a null entry in an aclitem. If so, this would be a very good thing.
>     However, this has implications on pg initialization.

I have no big interest in changing that right now.  It doesn't impact
any of the points at issue.

> (2) Although I subscribe to your first 3 points, I do not like the
>     4th point.

I didn't either.  After working on it some more, what I want to do now
is keep the ACL representation the same as it is, but implicitly assume
that the owner has all grant options whether the ACL says so or not.
The "other callers" I was referring to above are the undocumented
aclinsert() and aclremove() functions, which I propose changing to
add an owner's-UID parameter to.  Neither of these are actually used
anywhere, so it might make more sense to just remove 'em.  We'd also
need to change aclcontains(), which is used in the information_schema
views.

With this code base it would not really matter whether default ACLs
include the owner's grant options or not.  I am inclined to the view
that they should not, so as to minimize clutter in the \z display.
One could argue that the owner doesn't really have grant options in the
normal sense anyway, the normal sense being a revocable right, which
these are not.

I have a preliminary patch for this, which I will post later --- it
needs some more work yet.  (I only just realized the need to do
something with aclcontains... at the moment the information_schema
in my patched version is showing that the owner doesn't have grant
options, which is probably not what we want it to say.)
        regards, tom lane
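
A simplified model of the approach described in the message above, as an added example that is not part of the original post and not PostgreSQL's source: the stored list is left unchanged, and a containment check given the owner's id treats the owner as holding all grant options. The bit layout, type, and function names are hypothetical, and the sample ACL is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout, not PostgreSQL's AclItem: low 16 bits hold
 * privileges, high 16 bits hold the matching grant options. */
#define PRIV_SELECT  0x0001u
#define PRIV_UPDATE  0x0002u
#define ALL_PRIVS    (PRIV_SELECT | PRIV_UPDATE)
#define GRANT_OPT(p) ((uint32_t)(p) << 16)

typedef struct { uint32_t grantee; uint32_t rights; } acl_entry;

/* Constructed sample: owner is role 10 and its entry stores no grant options. */
static const uint32_t OWNER = 10;
static const acl_entry sample_acl[] = {
    { 10, ALL_PRIVS },
    { 20, PRIV_SELECT | GRANT_OPT(PRIV_SELECT) },
};
static const size_t sample_len = sizeof sample_acl / sizeof sample_acl[0];

/* Rights exactly as stored; this is all a display of the list would show. */
static uint32_t stored_rights(const acl_entry *acl, size_t n, uint32_t role) {
    uint32_t r = 0;
    for (size_t i = 0; i < n; i++)
        if (acl[i].grantee == role) r |= acl[i].rights;
    return r;
}

/* Stored-only containment test: reports that the owner lacks grant options. */
static bool contains_stored(const acl_entry *acl, size_t n, uint32_t role, uint32_t want) {
    return (stored_rights(acl, n, role) & want) == want;
}

/* Owner-aware test: the owner id is passed in as a parameter and the owner
 * is treated as holding every grant option, whatever the list says. */
static bool contains_effective(const acl_entry *acl, size_t n, uint32_t owner,
                               uint32_t role, uint32_t want) {
    uint32_t r = stored_rights(acl, n, role);
    if (role == owner) r |= GRANT_OPT(ALL_PRIVS);
    return (r & want) == want;
}

int main(void) {
    uint32_t want = GRANT_OPT(PRIV_UPDATE);
    printf("stored-only: %d\n", contains_stored(sample_acl, sample_len, OWNER, want));
    printf("owner-aware: %d\n", contains_effective(sample_acl, sample_len, OWNER, OWNER, want));
    return 0;
}
```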

