Re: vacuumdb: permission denied for schema "pg_temp_7" - Mailing list pgsql-bugs

From Nathan Bossart
Subject Re: vacuumdb: permission denied for schema "pg_temp_7"
Date
Msg-id Zu3iMzfiGBTbg3iy@nathan
Whole thread Raw
In response to Re: vacuumdb: permission denied for schema "pg_temp_7"  (Noah Misch <noah@leadboat.com>)
Responses Re: vacuumdb: permission denied for schema "pg_temp_7"
List pgsql-bugs
On Fri, Sep 20, 2024 at 12:07:31PM -0700, Noah Misch wrote:
> v12 introduced this regression.  I suspect it started when commit e0c2933 "Use
> catalog query to discover tables to process in vacuumdb" switched vacuumdb
> from a simple "VACUUM;" command to per-table commands.  Non-superuser vacuumdb
> must be rare indeed for this to go unnoticed long enough to leave all
> supported branches affected.

I think the bug actually predates that commit, but it was only broken when
--jobs > 1.  Commit e0c2933 just broke the --jobs == 1 case, too.

> That helps, but we'd probably want to do something more general about vacuumdb
> and schema USAGE permission.

Hm.  I think filtering out schemas for which you lack USAGE makes sense
when neither --schema nor --table are specified, but if the user lists an
object they can't vacuum, we should probably fail.  My current thinking is
that we could still filter when --exclude-schema is used, but I'm curious
what others think.

You might also be interested in this thread about VACUUM and USAGE [0].

> Thanks for the report.

+1

[0] https://postgr.es/m/flat/56596b81-088f-4c0c-9a88-b5f27a7a62e9%40oss.nttdata.com

-- 
nathan



pgsql-bugs by date:

Previous
From: Noah Misch
Date:
Subject: Re: vacuumdb: permission denied for schema "pg_temp_7"
Next
From: Noah Misch
Date:
Subject: Re: vacuumdb: permission denied for schema "pg_temp_7"