On 18.12.2012 18:38, Pavel Stehule wrote: > 2012/12/18 Peter Eisentraut <pete...@gmx.net>: >> There are some system administration functions that have hardcoded >> superuser checks, specifically: >> >> pg_reload_conf >> pg_rotate_logfile >> >> Some of these are useful in monitoring or maintenance tools, and the >> hardcoded superuser checks require that these tools run with maximum >> privileges. Couldn't we just install these functions without default >> privileges and allow users to grant privileges as necessary? > > isn't it too strong gun for some people ??? > > I believe so some one can decrease necessary rights and it opens doors > to system.
No one was speaking about making them executable by a wider group of users by default (i.e. decreasing necessary rights). Today, when you need to provide the EXECUTE privilege on those functions, you have three options (a) make him a superuser - obviously not a good choice (b) create a SECURITY DEFINER wrapper **for each function separately** (c) deny to do that Being able to do a plain GRANT on the function is merely a simpler way to do (b). It has advantages (less objects/functions to care about) and disadvantages (e.g. you can't do additional parameter values checks). >> pg_read_file >> pg_read_file_all >> pg_read_binary_file >> pg_read_binary_file_all >> pg_stat_file >> pg_ls_dir > > is relative dangerous and I am not for opening these functions. > > power user can simply to write extension, but he knows what he does/ I see only dangers that are already present. Tomas -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
