Thread: GRANT ON C
I'm trying to load the pgcypto.sql file from the contrib in a database and
I've hit a problem which I never had in the past (maybe never did it this
way): when I try to load this file (psql -f) with a specific user, which is
not the postgres super-user I get a permission denied, and couldn't find how
to change that permission problem.
I the postgres super-user the only one that can create functions with LANGUAGE
C?
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-----------------------------------------------------------------
Martín Marqués | mmarques@unl.edu.ar
Programador, Administrador, DBA | Centro de Telemática
Universidad Nacional
del Litoral
-----------------------------------------------------------------
Martin Marques <martin@bugs.unl.edu.ar> writes: > Is the postgres super-user the only one that can create functions > with LANGUAGE C? Yes, because a C function can basically do anything it wants to with the privileges of the 'postgres' user. So you have to create the function as superuser, but you only have to do that once for each database... -Doug
El Dom 07 Dic 2003 17:10, Doug McNaught escribió:
> Martin Marques <martin@bugs.unl.edu.ar> writes:
>
> > Is the postgres super-user the only one that can create functions
> > with LANGUAGE C?
>
> Yes, because a C function can basically do anything it wants to with
> the privileges of the 'postgres' user.
>
> So you have to create the function as superuser, but you only have to
> do that once for each database...
OK.
It's how I thought it was, but need confirmation. ;-)
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-----------------------------------------------------------------
Martín Marqués | mmarques@unl.edu.ar
Programador, Administrador, DBA | Centro de Telemática
Universidad Nacional
del Litoral
-----------------------------------------------------------------
On Sun, 2003-12-07 at 20:00, Martin Marques wrote: > I'm trying to load the pgcypto.sql file from the contrib in a database and > I've hit a problem which I never had in the past (maybe never did it this > way): when I try to load this file (psql -f) with a specific user, which is > not the postgres super-user I get a permission denied, and couldn't find how > to change that permission problem. > I the postgres super-user the only one that can create functions with LANGUAGE > C? Yes. Just think of all the things you can do in C with the backend's permissions. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "And if thy hand offend thee, cut it off; it is better for thee to enter into life maimed, than having two hands to go into hell, into the fire that never shall be quenched." Mark 9:43
Martin Marques <martin@bugs.unl.edu.ar> writes:
> Is the postgres super-user the only one that can create functions with
> LANGUAGE C?
Yes. Since there's no way to constrain what a C function does, it would
be silly to imagine that a non-superuser wouldn't own the database if he
could create C functions.
regards, tom lane