Re: PG13 Trusted Extension usability issue - Mailing list pgsql-general

From Adrian Klaver
Subject Re: PG13 Trusted Extension usability issue
Date
Msg-id a8fd43bd-8e5d-2e94-5ef4-065881a946b3@aklaver.com
Whole thread Raw
In response to RE: PG13 Trusted Extension usability issue  ("Brad Nicholson" <bradn@ca.ibm.com>)
List pgsql-general
On 6/26/20 12:03 PM, Brad Nicholson wrote:
> Tom Lane <tgl@sss.pgh.pa.us> wrote on 2020/06/26 02:47:25 PM:
> 
>  > From: Tom Lane <tgl@sss.pgh.pa.us>
>  > To: "Brad Nicholson" <bradn@ca.ibm.com>
>  > Cc: pgsql-general@lists.postgresql.org
>  > Date: 2020/06/26 02:51 PM
>  > Subject: [EXTERNAL] Re: PG13 Trusted Extension usability issue
>  >
>  > "Brad Nicholson" <bradn@ca.ibm.com> writes:
>  > > First, as a long time user of the pgextwlist extension, I'm happy 
> to see
>  > > this functionality appearing in core.  However, as a long term user 
> of that
>  > > extension, I can say that ability to create an extension as a non-super
>  > > user is pretty limited in itself in a lot of cases.  Many 
> extensions both
>  > > in contrib and external ones (like PostGIS for example) don't give
>  > > appropriate permissions to actually use the extension.
>  >
>  > > Taking postgresql_fdw as an example.
>  >
>  > I'm confused about your point here.  postgresql_fdw has intentionally
>  > *not* been marked trusted.  That's partly because it doesn't seem like
>  > outside-the-database access is something we want to allow by default,
>  > but it's also the case that there are inside-the-database permissions
>  > issues.
> 
> Ah - I misread the docs.  Specifically I read this:
> 
> "For many extensions this means superuser privileges are needed. 
> However, if the extension is marked trusted in its control file, then it 
> can be installed by any user who has CREATE privilege on the current 
> database"

The rest of that paragraph:

"In this case the extension object itself will be owned by the calling 
user, but the contained objects will be owned by the bootstrap superuser 
(unless the extension's script explicitly assigns them to the calling 
user). This configuration gives the calling user the right to drop the 
extension, but not to modify individual objects within it."

> 
> To mean that you could mark any extension as trusted in the control file 
> to allow non-superuser installation.
> 
> Thanks,
> Brad
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com



pgsql-general by date:

Previous
From: "Brad Nicholson"
Date:
Subject: RE: PG13 Trusted Extension usability issue
Next
From: Gabe Kopley
Date:
Subject: Re: Interpreting autovacuum logs (9.6)