Thread: Another nasty pg_dump problem
On my 7.3 server:
australia=# \dp exercise_activities Access privileges for database "australia"Schema |
Table | Access privileges
--------+---------------------+---------------------------------------------
------------public | exercise_activities |
{=,chriskl=arwdRxt,auadmin=arwdRxt,au-diary=r,au-php=r}
(1 row)
is dumped as:
REVOKE ALL ON TABLE exercise_activities FROM PUBLIC;
GRANT ALL ON TABLE exercise_activities TO chriskl;
GRANT SELECT ON TABLE exercise_activities TO "au-diary";
GRANT SELECT ON TABLE exercise_activities TO "au-php";
Now if you load that into 7.4CVS, you get:
australia=# \dp exercise_activities Access privileges for
database "australia"Schema | Table |
Access privileges
--------+---------------------+---------------------------------------------
-------------------------------------------------------------public | exercise_activities |
{auadmin=a*r*w*d*R*x*t*/auadmin,chriskl=arwdRxt/auadmin,"\"au-diary\"=r/auad
min","\"au-php\"=r/auadmin"}
(1 row)
Which is dumped as:
REVOKE ALL ON TABLE exercise_activities FROM PUBLIC;
GRANT ALL ON TABLE exercise_activities TO chriskl;
GRANT SELECT ON TABLE exercise_activities TO "\""au-diary\""";
GRANT SELECT ON TABLE exercise_activities TO "\""au-php\""";
ie. 7.4 considers the double quotes around a username to be part of the
username...
Chris
"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
> On my 7.3 server:
> REVOKE ALL ON TABLE exercise_activities FROM PUBLIC;
> GRANT ALL ON TABLE exercise_activities TO chriskl;
> GRANT SELECT ON TABLE exercise_activities TO "au-diary";
> GRANT SELECT ON TABLE exercise_activities TO "au-php";
> Now if you load that into 7.4CVS, you get:
> REVOKE ALL ON TABLE exercise_activities FROM PUBLIC;
> GRANT ALL ON TABLE exercise_activities TO chriskl;
> GRANT SELECT ON TABLE exercise_activities TO "\""au-diary\""";
> GRANT SELECT ON TABLE exercise_activities TO "\""au-php\""";
I've repaired this in CVS tip. While testing it, though, I notice that
CVS-tip pg_dump puts out useless commands
REVOKE ALL ON SCHEMA public FROM PUBLIC;GRANT ALL ON SCHEMA public TO PUBLIC;
which are not generated when dumping from 7.3. The reason evidently is
that this check in pg_dump.c no longer works:
/* * If it's the PUBLIC namespace, don't emit a CREATE SCHEMA record * for it, since we expect
PUBLICto exist already in the * destination database. And emit ACL info only if the ACL isn't * the
standardvalue for PUBLIC. */ if (strcmp(nspinfo->nspname, "public") == 0) { if (!aclsSkip
&&strcmp(nspinfo->nspacl, "{=UC}") != 0) dumpACL(fout, "SCHEMA", qnspname, nspinfo->nspname, NULL,
nspinfo->usename, nspinfo->nspacl, nspinfo->oid); }
since the default ACL for public no longer looks like that. Can we fix
this?
regards, tom lane
Tom Lane writes: > I've repaired this in CVS tip. While testing it, though, I notice that > CVS-tip pg_dump puts out useless commands > > REVOKE ALL ON SCHEMA public FROM PUBLIC; > GRANT ALL ON SCHEMA public TO PUBLIC; > > which are not generated when dumping from 7.3. The reason evidently is > that this check in pg_dump.c no longer works: This could be fixed, but note that elsewhere we use /* * Always start with REVOKE ALL FROM PUBLIC, so that we don't have to * wire-in knowledge about the default publicprivileges for different * kinds of objects. */ appendPQExpBuffer(firstsql, "REVOKE ALL ON %s %s FROM PUBLIC;\n", type, name); So maybe this isn't such a bad state after all. -- Peter Eisentraut peter_e@gmx.net
Peter Eisentraut <peter_e@gmx.net> writes:
> This could be fixed, but note that elsewhere we use
> /*
> * Always start with REVOKE ALL FROM PUBLIC, so that we don't have to
> * wire-in knowledge about the default public privileges for different
> * kinds of objects.
> */
> appendPQExpBuffer(firstsql, "REVOKE ALL ON %s %s FROM PUBLIC;\n",
> type, name);
> So maybe this isn't such a bad state after all.
Well, if you want to take that position then the test for "{=UC}" ought
to be ripped out, so that we are consistent about it across backend
versions.
regards, tom lane