Postgres Pro
Downloads
Home   >   mailing lists

Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

From Brightwell, Adam
Subject Directory/File Access Permissions for COPY and Generic File Access Functions
Date
Msg-id CAKRt6CRCQ1jmh3o8gkBBHxWqBJz4StnYUQjO0W8Kauru_SfPKA@mail.gmail.com
Whole thread Raw
Responses Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Re: Directory/File Access Permissions for COPY and Generic File Access Functions
List pgsql-hackers
Tree view
All,

The attached patch for review implements a directory permission system that allows for providing a directory read/write capability to directories for COPY TO/FROM and Generic File Access Functions to non-superusers.  This is not a complete solution as it does not currently contain documentation or regression tests.  Though it is my hopes to get some feedback as I am sure there are some aspects of it that need to be reworked.  So I thought I'd put it out there for comments/review.

The approach taken is to create "directory aliases" that have a unique name and path, as well as an associated ACL list.  A superuser can create a new alias to any directory on the system and then provide READ or WRITE permissions to any non-superuser.  When a non-superuser then attempts to execute a COPY TO/FROM or any one of the generic file access functions, a permission check is performed against the aliases for the user and target directory.  Superusers are allowed to bypass all of these checks.  All alias paths must be an absolute path in order to avoid potential risks.  However, in the generic file access functions superusers are still allowed to execute the functions with a relative path where non-superusers are required to provide an absolute path.

- Implementation Details -

System Catalog:
pg_diralias
 - dirname - the name of the directory alias
 - dirpath - the directory path - must be absolute
 - diracl - the ACL for the directory

Syntax:
CREATE DIRALIAS <name> AS '<path>'
ALTER DIRALIAS <name> AS '<path>'
ALTER DIRALIAS <name> RENAME TO <new_name>
DROP DIRALIAS <name>

This is probably the area that I would really appreciate your thoughts and recommendations. To GRANT permissions to a directory alias, I had to create a special variant of GRANT since READ and WRITE are not reserved keywords and causes grammar issues.  Therefore, I chose to start with the following syntax:

GRANT ON DIRALIAS <name> <permissions> TO <roles>

where <permissions> is either READ, WRITE or ALL.

Any comments, suggestions or feedback would be greatly appreciated.

Thanks,
Attachment

pgsql-hackers by date:

Previous
From: Simon Riggs
Date:
Subject: Re: Improve automatic analyze messages for inheritance trees
Next
From: Tom Lane
Date:
Subject: Re: Directory/File Access Permissions for COPY and Generic File Access Functions