On Tue, Dec 18, 2012 at 7:41 PM, Noah Misch <n...@leadboat.com> wrote:
> On Tue, Dec 18, 2012 at 12:09:10PM -0500, Peter Eisentraut wrote:
>> There are some system administration functions that have hardcoded
>> superuser checks, specifically:
>>
>> pg_reload_conf
>> pg_rotate_logfile
>> pg_read_file
>> pg_read_file_all
>> pg_read_binary_file
>> pg_read_binary_file_all
>> pg_stat_file
>> pg_ls_dir
>>
>> Some of these are useful in monitoring or maintenance tools, and the
>> hardcoded superuser checks require that these tools run with maximum
>> privileges. Couldn't we just install these functions without default
>> privileges and allow users to grant privileges as necessary?
>
> +1. You can already use a SECURITY DEFINER wrapper, so I don't think this
> opens any particular floodgate. GRANT is a nicer interface. However, I would
> not advertise this as a replacement for wrapper functions until pg_dump can
> preserve ACL changes to pg_catalog objects.

Yeah. That is a bit of a foot-gun to this approach, although I too
agree on the general theory.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
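
The SECURITY DEFINER wrapper approach mentioned in the thread, sketched for pg_stat_file as an added example; it is not code from any message here or from PostgreSQL itself. The role `monitor`, the schema `admin_tools`, the function name and the `pg_log/` directory are assumptions.

```sql
-- Added example. Hypothetical names: role "monitor", schema "admin_tools",
-- function admin_tools.log_file_stat. Assumes log_directory is 'pg_log'.
-- Run as a superuser: the wrapper executes with its owner's privileges,
-- so the hardcoded superuser check inside pg_stat_file passes.
BEGIN;

CREATE ROLE monitor NOLOGIN;
CREATE SCHEMA admin_tools;

CREATE FUNCTION admin_tools.log_file_stat(fname text)
RETURNS TABLE (size bigint, modification timestamptz)
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin search_path so the caller cannot make the wrapper resolve
-- functions or operators from a schema the caller controls.
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
    -- Accept a bare file name only: no directory separators, no "..".
    IF fname !~ '^[A-Za-z0-9_.-]+$' OR position('..' in fname) > 0 THEN
        RAISE EXCEPTION 'invalid log file name: %', fname;
    END IF;

    -- Expose only the two columns a monitoring tool needs.
    RETURN QUERY
        SELECT s.size, s.modification
        FROM pg_catalog.pg_stat_file('pg_log/' || fname) AS s;
END;
$$;

-- New functions are executable by PUBLIC by default. Revoking in the same
-- transaction as CREATE FUNCTION leaves no window where anyone can call it.
REVOKE ALL ON FUNCTION admin_tools.log_file_stat(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA admin_tools TO monitor;
GRANT EXECUTE ON FUNCTION admin_tools.log_file_stat(text) TO monitor;

COMMIT;
```

Because the wrapper is an ordinary user object outside pg_catalog, pg_dump carries its REVOKE and GRANT along with the function definition.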