Thread: DELETE FROM pg_class

DELETE FROM pg_class

From
"Dawid Kuroczko"
Date:
Hello, I see that I can modify system tables even though I have
not set allow_system_table_mods...  Is this a feature or a bug?

Self contained code

postgres=# SELECT version();
                                                    version
---------------------------------------------------------------------------------------------------------------
 PostgreSQL 8.2.4 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.3
20070718 (prerelease) (Debian 4.1.2-14)
(1 row)

postgres=# SHOW allow_system_table_mods;
 allow_system_table_mods
-------------------------
 off
(1 row)

postgres=# CREATE DATABASE foo;
CREATE DATABASE
postgres=# \c foo
You are now connected to database "foo".
foo=# DELETE FROM pg_class;
DELETE 204
foo=# SELECT count(*) FROM pg_class;
ERROR:  could not find pg_class tuple for index 2662
foo=# \c postgres
You are now connected to database "postgres".
postgres=# \c foo
server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.
Previous connection kept
postgres=#


   Regards,
     Dawid

Re: DELETE FROM pg_class

From
Simon Riggs
Date:
On Mon, 2007-09-24 at 14:44 +0200, Dawid Kuroczko wrote:

> Hello, I see that I can modify system tables even though I have
> not set allow_system_table_mods...  Is this a feature or a bug?

allow_system_table_mods allows you to modify the structure, not just the
data, i.e. add additional columns to system tables.

Superusers have the capability to modify data in catalog tables and many
other things besides, normal users don't.

--
  Simon Riggs
  2ndQuadrant  http://www.2ndQuadrant.com


Re: DELETE FROM pg_class

From
Tom Lane
Date:
Simon Riggs <simon@2ndquadrant.com> writes:
> On Mon, 2007-09-24 at 14:44 +0200, Dawid Kuroczko wrote:
>> Hello, I see that I can modify system tables even though I have
>> not set allow_system_table_mods...  Is this a feature or a bug?

> allow_system_table_mods allows you to modify the structure, not just the
> data, i.e. add additional columns to system tables.

> Superusers have the capability to modify data in catalog tables and many
> other things besides, normal users don't.

It is possible to disable this by turning off your
pg_authid.rolcatupdate flag, but AFAIR there is no handy support for
that (eg, no separate ALTER ROLE option).

The better advice though is "don't run as superuser except when you
absolutely must".  You don't do random work as root, do you?

            regards, tom lane

Re: DELETE FROM pg_class

From
"Dawid Kuroczko"
Date:
On 9/24/07, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
> > On Mon, 2007-09-24 at 14:44 +0200, Dawid Kuroczko wrote:
> >> Hello, I see that I can modify system tables even though I have
> >> not set allow_system_table_mods...  Is this a feature or a bug?
>
> > allow_system_table_mods allows you to modify the structure, not just the
> > data, i.e. add additional columns to system tables.
>
> > Superusers have the capability to modify data in catalog tables and many
> > other things besides, normal users don't.
>
> It is possible to disable this by turning off your
> pg_authid.rolcatupdate flag, but AFAIR there is no handy support for
> that (eg, no separate ALTER ROLE option).
>
> The better advice though is "don't run as superuser except when you
> absolutely must".  You don't do random work as root, do you?

Nah, actually a friend (user of the other open source RDBMS) asked
me if you can overload PostgreSQL builtins (like new()).  And it was quite
simple.  I thought though, that I need allow_system_table_mods for it
and it surprised me that I just needed to become superuser...

Somehow, when I read documentation, my internal parser omitted
the "of the structure" of the "Allows modification of the structure of
system tables." sentence.  I feel a bit foolish for asking this question,
but now I am a bit wiser.

   Regards,
       Dawid