Hi,
Destroying databases: can anyone remind me why a user has to have the
"create user" permission before they can destroy a database they have
created?
I remember some discussion of this in the dim and distant past but
could not recall why it had to be so.
./backend/parser/dbcommands.c has the following lines:-

    } else if (dbfound && !strcmp(command, "destroydb")
               && dbowner != *userIdP && use_super == false) {
        elog(WARN, "%s: database %s is not owned by you.", command, dbname);
    }

Which seems to be checking for ownership or superuser status.
The command seems to be failing at the following step:-

    /* remove the pg_database tuple FIRST,
       this may fail due to permissions problems */
    sprintf(buf, "delete from pg_database where pg_database.oid = \'%d\'::oid",
            db_id);
    pg_eval(buf, (char **) NULL, (Oid *) NULL, 0);

Which implies that you have to have "create user" permission to be able to
delete from pg_database?
I wonder if there is anything we can do here to permit the delete in these
circumstances? If we get this far we must be the superuser or the database
owner so it should be OK.
Could we switch users before the delete and then back after?
Keith.
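
An added example, not part of the original message and not PostgreSQL source: a toy C model of the two checks discussed above (the command-level ownership test and a separate permission check on the catalog delete), plus the proposed user switch performed only after ownership has been verified and undone before returning. Every type and function name is hypothetical, and the rule that the catalog delete needs superuser or "create user" rights is an assumption taken from the message.

```c
/* Added example: toy model with hypothetical names, not PostgreSQL code. */
#include <stdbool.h>
#include <stdio.h>

typedef struct { int id; bool superuser; bool createuser; } User;
typedef struct { int oid; int owner; bool present; } Database;

static const User *current_user;   /* identity the catalog check sees */

/* Assumption from the message: deleting a pg_database row needs superuser
   or "create user" rights, regardless of who owns the database. */
static bool catalog_delete(Database *db)
{
    if (!current_user->superuser && !current_user->createuser)
        return false;
    db->present = false;
    return true;
}

/* Command-level check, mirroring the quoted test: owner or superuser only. */
static bool may_destroy(const User *u, const Database *db)
{
    return db->present && (db->owner == u->id || u->superuser);
}

/* elevate == false models the reported behaviour; elevate == true models the
   proposed switch, made only after the ownership check and always undone. */
static bool destroydb(const User *caller, Database *db, bool elevate)
{
    static const User catalog_owner = { 0, true, true };
    bool ok;
    current_user = caller;
    if (!may_destroy(caller, db))
        return false;                 /* never elevate for a non-owner */
    if (elevate)
        current_user = &catalog_owner;
    ok = catalog_delete(db);
    current_user = caller;            /* restore before returning */
    return ok;
}

int main(void)
{
    User owner = { 100, false, false }, other = { 101, false, false };
    Database db = { 16384, 100, true };   /* constructed sample row */
    printf("owner, no switch:  %d\n", destroydb(&owner, &db, false));
    printf("non-owner, switch: %d\n", destroydb(&other, &db, true));
    printf("owner, switch:     %d\n", destroydb(&owner, &db, true));
}
```
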