Hi all,

As of now, file access functions in genfile.c can only be used by
superusers. This proposal is to relax those functions so that
replication users can use them as well. Here are the functions targeted
by this patch:
- pg_stat_file
- pg_read_binary_file
- pg_read_file
- pg_ls_dir
The main argument for this change is that pg_rewind makes use of those
functions, forcing users to use a superuser role when rewinding a
node. With this patch, we could allow replication roles to do the
same. Another argument in favor of this change is to allow replication
users to dump the contents of PGDATA directly via SQL, though I don't
believe that there are many people doing so these days.

Also, replication roles can already have access to the contents of
PGDATA by taking a base backup, for example, so this change looks
logical to me. Even though we filter out some files in a base backup,
I could not find any argument against letting a replication user
have a look at them via those functions. A patch is attached; I am
adding it as well to the next CF.
Regards,
-- 
Michael
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index b3b78d2..d45a591 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -17877,7 +17877,8 @@ postgres=# SELECT * FROM pg_xlogfile_name_offset(pg_stop_backup());
     database cluster directory and the <varname>log_directory</> can be
     accessed.  Use a relative path for files in the cluster directory,
     and a path matching the <varname>log_directory</> configuration setting
-    for log files.  Use of these functions is restricted to superusers.
+    for log files.  Use of these functions is restricted to superusers and
+    replication roles.
    </para>
 
    <table id="functions-admin-genfile-table">
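Review bot: the added sentence only names the new role class, but the preceding lines state that every file under the database cluster directory and the log_directory is reachable, so the paragraph should spell out that a role with the REPLICATION attribute now reads the cluster's configuration and authentication files too, and that, unlike a base backup (which the cover letter notes filters some files), nothing is filtered here. Suggest: `Use of these functions is restricted to superusers and roles with the REPLICATION attribute; this gives such roles read access to every file under the cluster directory.`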
diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c
index c4eb10d..046331d 100644
--- a/src/backend/utils/adt/genfile.c
+++ b/src/backend/utils/adt/genfile.c
@@ -194,10 +194,10 @@ pg_read_file(PG_FUNCTION_ARGS)
 	char	   *filename;
 	text	   *result;
 
-	if (!superuser())
+	if (!superuser() && !has_rolreplication(GetUserId()))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 (errmsg("must be superuser to read files"))));
+				 (errmsg("must be superuser or replication role to read files"))));
 
 	/* handle optional arguments */
 	if (PG_NARGS() >= 3)
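Review bot: the condition `!superuser() && !has_rolreplication(GetUserId())` is copied verbatim into four functions of this file; factor the predicate and the ereport into one static helper (for example a hypothetical `check_genfile_access(const char *what)` taking the "to read files" / "to get file information" suffix) so that the check and its messages cannot drift apart when a later change adjusts who qualifies. GetUserId() is the right identity here because it follows SET ROLE and SECURITY DEFINER, but that deserves a comment: a SECURITY DEFINER function owned by a replication role passes this check for any caller.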
@@ -235,10 +235,10 @@ pg_read_binary_file(PG_FUNCTION_ARGS)
 	char	   *filename;
 	bytea	   *result;
 
-	if (!superuser())
+	if (!superuser() && !has_rolreplication(GetUserId()))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 (errmsg("must be superuser to read files"))));
+				 (errmsg("must be superuser or replication role to read files"))));
 
 	/* handle optional arguments */
 	if (PG_NARGS() >= 3)
@@ -312,10 +312,10 @@ pg_stat_file(PG_FUNCTION_ARGS)
 	TupleDesc	tupdesc;
 	bool		missing_ok = false;
 
-	if (!superuser())
+	if (!superuser() && !has_rolreplication(GetUserId()))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 (errmsg("must be superuser to get file information"))));
+				 (errmsg("must be superuser or replication role to get file information"))));
 
 	/* check the optional argument */
 	if (PG_NARGS() == 2)
@@ -398,10 +398,10 @@ pg_ls_dir(PG_FUNCTION_ARGS)
 	directory_fctx *fctx;
 	MemoryContext oldcontext;
 
-	if (!superuser())
+	if (!superuser() && !has_rolreplication(GetUserId()))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-				 (errmsg("must be superuser to get directory listings"))));
+				 (errmsg("must be superuser or replication role to get directory listings"))));
 
 	if (SRF_IS_FIRSTCALL())
 	{
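Review bot: this hunk extends directory enumeration of the cluster directory to replication roles, yet the patch touches only func.sgml and genfile.c; add a regression test that runs pg_ls_dir, pg_stat_file, pg_read_file and pg_read_binary_file as a non-superuser role created with REPLICATION, and as a plain role expecting the new "must be superuser or replication role" errors, so the relaxed check is pinned down.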
-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers