Re: BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files - Mailing list pgsql-bugs

From David G. Johnston
Subject Re: BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files
Date
Msg-id CAKFQuwYyGB11h7oEUp8pbgnCGzWpaa9Z+NEKZ5xk_4qrCMdyyQ@mail.gmail.com
In response to BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs
On Saturday, September 8, 2018, PG Bug reporting form <noreply@postgresql.org> wrote:

1. execute "CREATE USER mytestuser WITH PASSWORD '12345678'  CREATEDB CREATEROLE;" use a superuser;

So, reading the create role docs this seems to be working as designed.

“Be careful with the CREATEROLE privilege. There is no concept of inheritance for the privileges of a CREATEROLE-role. That means that even if a role does not have a certain privilege but is allowed to create other roles, it can easily create another role with different privileges than its own (except for creating roles with superuser privileges)”

David J.
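
An added example, not part of the original message: an audit for the behaviour the quoted documentation describes. It lists every non-superuser role that holds CREATEROLE, then every direct or indirect member of pg_read_server_files together with who granted the membership. It assumes a server where the pg_read_server_files role exists and uses only the standard pg_roles and pg_auth_members catalogs.

```sql
-- 1. Non-superuser roles holding CREATEROLE. Per the documentation quoted
--    above, each of these can create roles with privileges it does not
--    itself hold, so treat every row as a near-administrative account.
SELECT r.rolname,
       r.rolcanlogin,
       r.rolcreatedb
FROM pg_roles AS r
WHERE r.rolcreaterole
  AND NOT r.rolsuper
ORDER BY r.rolname;

-- 2. Direct and indirect members of pg_read_server_files, with the role
--    that granted each membership. A grantor that appears in query 1 is a
--    membership handed out by a CREATEROLE role rather than a superuser.
WITH RECURSIVE members AS (
    -- roles granted pg_read_server_files directly
    SELECT m.member, m.roleid, m.grantor, m.admin_option, 1 AS depth
    FROM pg_auth_members AS m
    JOIN pg_roles AS target ON target.oid = m.roleid
    WHERE target.rolname = 'pg_read_server_files'
  UNION
    -- roles that are members of a role already in the result
    SELECT m.member, m.roleid, m.grantor, m.admin_option, members.depth + 1
    FROM pg_auth_members AS m
    JOIN members ON m.roleid = members.member
)
SELECT pg_get_userbyid(member)  AS member_role,
       pg_get_userbyid(roleid)  AS granted_via,
       pg_get_userbyid(grantor) AS granted_by,
       admin_option,
       depth
FROM members
ORDER BY depth, member_role;
```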
