Thread: pgsql: Reserve the "pg_" namespace for roles

pgsql: Reserve the "pg_" namespace for roles

From
Stephen Frost
Date:
Reserve the "pg_" namespace for roles

This will prevent users from creating roles which begin with "pg_" and
will check for those roles before allowing an upgrade using pg_upgrade.

This will allow for default roles to be provided at initdb time.

Reviews by José Luis Tallón and Robert Haas

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/293007898d3fa5a815c1c5814df53627553f114d

Modified Files
--------------
doc/src/sgml/ref/psql-ref.sgml          |  8 ++++--
src/backend/catalog/aclchk.c            |  7 +++++
src/backend/catalog/catalog.c           |  5 ++--
src/backend/commands/alter.c            |  3 ++
src/backend/commands/foreigncmds.c      | 13 +++++++++
src/backend/commands/policy.c           |  5 ++++
src/backend/commands/schemacmds.c       |  4 +++
src/backend/commands/tablecmds.c        |  2 ++
src/backend/commands/tablespace.c       |  4 +++
src/backend/commands/user.c             | 49 +++++++++++++++++++++++++++++++++
src/backend/commands/variable.c         |  3 ++
src/backend/utils/adt/acl.c             | 39 ++++++++++++++++++++++++++
src/bin/pg_dump/pg_dumpall.c            | 11 +++++++-
src/bin/pg_upgrade/check.c              | 40 +++++++++++++++++++++++++--
src/bin/psql/command.c                  |  4 +--
src/bin/psql/describe.c                 |  5 +++-
src/bin/psql/describe.h                 |  2 +-
src/bin/psql/help.c                     |  4 +--
src/include/utils/acl.h                 |  1 +
src/test/regress/expected/rolenames.out | 20 ++++++++++++++
src/test/regress/sql/rolenames.sql      | 10 +++++++
21 files changed, 226 insertions(+), 13 deletions(-)


Re: pgsql: Reserve the "pg_" namespace for roles

From
Bruce Momjian
Date:
On Fri, Apr  8, 2016 at 08:56:34PM +0000, Stephen Frost wrote:
> Reserve the "pg_" namespace for roles
>
> This will prevent users from creating roles which begin with "pg_" and
> will check for those roles before allowing an upgrade using pg_upgrade.
>
> This will allow for default roles to be provided at initdb time.

Nice you added the check to pg_upgrade, but I assume a pg_dumpall
restore is going to fail pretty badly, e.g. any pg_* object assignment
will fail.  I guess there isn't much we can do to fix that.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +


Re: pgsql: Reserve the "pg_" namespace for roles

From
Stephen Frost
Date:
Bruce,

On Friday, April 29, 2016, Bruce Momjian <bruce@momjian.us> wrote:
> On Fri, Apr  8, 2016 at 08:56:34PM +0000, Stephen Frost wrote:
> > Reserve the "pg_" namespace for roles
> >
> > This will prevent users from creating roles which begin with "pg_" and
> > will check for those roles before allowing an upgrade using pg_upgrade.
> >
> > This will allow for default roles to be provided at initdb time.
>
> Nice you added the check to pg_upgrade, but I assume a pg_dumpall
> restore is going to fail pretty badly, e.g. any pg_* object assignment
> will fail.  I guess there isn't much we can do to fix that.

The pg_dumpall will work but will throw a warning. A restore will fail to recreate any pg_* roles and there could be follow-on errors from that, of course. 

I had pg_dumpall throw an error initially, but based on discussion that was considered too harsh. 

Thanks!

Stephen

Re: pgsql: Reserve the "pg_" namespace for roles

From
Bruce Momjian
Date:
On Fri, Apr 29, 2016 at 08:05:15AM -0400, Stephen Frost wrote:
> Bruce,
>
> On Friday, April 29, 2016, Bruce Momjian <bruce@momjian.us> wrote:
>
>     On Fri, Apr  8, 2016 at 08:56:34PM +0000, Stephen Frost wrote:
>     > Reserve the "pg_" namespace for roles
>     >
>     > This will prevent users from creating roles which begin with "pg_" and
>     > will check for those roles before allowing an upgrade using pg_upgrade.
>     >
>     > This will allow for default roles to be provided at initdb time.
>
>     Nice you added the check to pg_upgrade, but I assume a pg_dumpall
>     restore is going to fail pretty badly, e.g. any pg_* object assignment
>     will fail.  I guess there isn't much we can do to fix that.
>
>
> The pg_dumpall will work but will throw a warning. A restore will fail to
> recreate any pg_* roles and there could be follow-on errors from that, of
> course. 

OK, good --- that's the best we can do.

> I had pg_dumpall throw an error initially, but based on discussion that was
> considered too harsh. 

OK.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +
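
Added example, not part of the thread and not PostgreSQL's own code: a pre-restore scan of a role script in pg_dumpall style that lists the roles whose names begin with "pg_" and the later statements that name them, which is where the follow-on errors mentioned above would appear. The sample script, the helper names `fold` and `audit`, and the assumption that the prefix test applies case-sensitively to the stored name (unquoted identifiers folded to lower case) are all introduced here for illustration.

```python
import re

# Constructed sample in the style of a pg_dumpall role script (not from the thread).
SAMPLE_DUMP = '''\
CREATE ROLE app_owner;
CREATE ROLE pg_backup;
ALTER ROLE pg_backup WITH NOSUPERUSER INHERIT NOLOGIN;
CREATE ROLE "PG_Audit";
CREATE ROLE PG_Monitor;
CREATE ROLE "pg_ops team";
GRANT pg_backup TO app_owner;
ALTER TABLE public.t OWNER TO "pg_ops team";
GRANT SELECT ON TABLE public.t TO app_owner;
'''

# An identifier is either "quoted" (with "" as an escaped quote) or bare.
IDENT = r'"(?:[^"]|"")+"|[A-Za-z_][A-Za-z0-9_$]*'
CREATE_ROLE = re.compile(r'^\s*CREATE\s+(?:ROLE|USER)\s+(' + IDENT + ')', re.I)

def fold(ident):
    """Return the name as the server would store it (assumed folding rules)."""
    if ident.startswith('"'):
        return ident[1:-1].replace('""', '"')   # quoted: case preserved
    return ident.lower()                         # unquoted: folded to lower case

def audit(dump):
    """Return (reserved-prefix role names, later statements that name them)."""
    lines = dump.splitlines()
    reserved = []
    for line in lines:
        m = CREATE_ROLE.match(line)
        if m and fold(m.group(1)).startswith('pg_'):
            reserved.append(fold(m.group(1)))
    follow_on = []
    for n, line in enumerate(lines, 1):
        if CREATE_ROLE.match(line):
            continue
        # Heuristic: any identifier token equal to a flagged role name counts.
        names = {fold(tok) for tok in re.findall(IDENT, line)}
        if names & set(reserved):
            follow_on.append((n, line.strip()))
    return reserved, follow_on

if __name__ == '__main__':
    reserved, follow_on = audit(SAMPLE_DUMP)
    print('reserved-prefix roles:', reserved)
    for n, stmt in follow_on:
        print(f'line {n}: {stmt}')
```

The quoted name `"PG_Audit"` is not flagged because its stored form keeps the upper-case prefix, while the unquoted `PG_Monitor` folds to `pg_monitor` and is.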