>
> Hi,
>
> Destroying databases, can anyone remind me why a user has to have the
> "create user" permission before they can destroy a database they have
> created?
>
> I remember some discussion of this in the dim and distant past but
> could not recall why it had to be so.
>
> ./backend/parser/dbcommands.c has the following lines:-
>
>     } else if (dbfound && !strcmp(command, "destroydb")
>                && dbowner != *userIdP && use_super == false) {
>
>         elog(WARN, "%s: database %s is not owned by you.", command, dbname);
>
>     }
>
> Which seems to be checking for ownership or superuser status.
>
> The command seems to be failing at the following step:-
>
>
>     /* remove the pg_database tuple FIRST,
>        this may fail due to permissions problems */
>     sprintf(buf, "delete from pg_database where pg_database.oid = \'%d\'::oid",
>             db_id);
>     pg_eval(buf, (char **) NULL, (Oid *) NULL, 0);
>
>
> Which implies that you have to have "create user" permission to be able to
> delete from pg_database?
>
> I wonder if there is anything we can do here to permit the delete in these
> circumstances? If we get this far we must be the superuser or the database
> owner so it should be OK.
>
> Could we switch users before the delete and then back after?
>
> Keith.
>
>
Seems like you are on to something.
This item has been on the TODO list for a while. Feel free to generate
a patch. We can all look at it if you want confirmation.
--
Bruce Momjian
maillist@candle.pha.pa.us
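
Added example, not part of the original thread and not PostgreSQL source: a small C model of the two permission layers discussed above (the destroydb ownership check, then the pg_database delete) and of the "switch users before the delete and then back after" idea. All type and function names are hypothetical, and the model assumes the catalog delete requires the "create user" flag, as the thread infers.

```c
/* Constructed model of the two permission layers in the thread.
 * Not PostgreSQL source: every type and function name here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

typedef struct { int uid; bool use_super; } Session;   /* use_super models "create user" */
typedef struct { int owner; bool exists; } Database;

enum { DROP_OK, DROP_NOT_FOUND, DROP_NOT_OWNER, DROP_CATALOG_DENIED };

/* Layer 1: the command-level check, owner or superuser may proceed. */
static int check_destroydb(const Session *s, const Database *db) {
    if (!db->exists) return DROP_NOT_FOUND;
    if (db->owner != s->uid && !s->use_super) return DROP_NOT_OWNER;
    return DROP_OK;
}

/* Layer 2: the catalog delete, judged against the effective user only. */
static int catalog_delete(const Session *effective, Database *db) {
    if (!effective->use_super) return DROP_CATALOG_DENIED;
    db->exists = false;
    return DROP_OK;
}

/* Reported behaviour: layer 1 passes for a plain owner, layer 2 refuses. */
int destroydb_as_caller(Session *s, Database *db) {
    int rc = check_destroydb(s, db);
    return rc != DROP_OK ? rc : catalog_delete(s, db);
}

/* Proposed behaviour: elevate for the one delete, restore on every path. */
int destroydb_with_switch(Session *s, Database *db) {
    int rc = check_destroydb(s, db);      /* authorise before elevating */
    if (rc != DROP_OK) return rc;
    Session saved = *s;
    s->use_super = true;
    rc = catalog_delete(s, db);
    *s = saved;                           /* never leave the session elevated */
    return rc;
}

int main(void) {
    Session owner = { 100, false };       /* constructed sample user */
    Database a = { 100, true }, b = { 100, true };
    printf("as caller: %d\n", destroydb_as_caller(&owner, &a));
    printf("with switch: %d, still super: %d\n",
           destroydb_with_switch(&owner, &b), owner.use_super);
    return 0;
}
```

In this model the ownership check runs before any elevation and the saved identity is restored before returning, so a caller who fails the check never runs with the elevated flag.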