Hi all,

As of now, file access functions in genfile.c can only be used by superusers. This proposal is to relax those functions so that replication users can use them as well. Here are the functions targeted by this patch:
- pg_stat_file
- pg_read_binary_file
- pg_read_file
- pg_ls_dir
The main argument for this change is that pg_rewind makes use of those functions, forcing users to use a superuser role when rewinding a node. With this patch, we could allow replication roles to do the same. Another argument in favor of this change is to allow replication users to dump the contents of PGDATA directly via SQL, though I don't believe that there are many people doing so these days.
Also, replication roles can already have access to the contents of PGDATA by taking a base backup, for example, so this change looks logical to me, even if we filter out some files in a base backup; I could not find any argument not to let a replication user have a look at them via those functions. A patch is attached, and I am adding it to the next CF as well.

Regards,
-- 
Michael
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index b3b78d2..d45a591 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -17877,7 +17877,8 @@ postgres=# SELECT * FROM pg_xlogfile_name_offset(pg_stop_backup()); database cluster directory and the <varname>log_directory</> can be accessed. Use a relative path for files in the cluster directory, and a path matching the <varname>log_directory</> configuration setting - for log files. Use of these functions is restricted to superusers. + for log files. Use of these functions is restricted to superusers and + replication roles. </para> <table id="functions-admin-genfile-table"> diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c index c4eb10d..046331d 100644 --- a/src/backend/utils/adt/genfile.c +++ b/src/backend/utils/adt/genfile.c @@ -194,10 +194,10 @@ pg_read_file(PG_FUNCTION_ARGS) char *filename; text *result; - if (!superuser()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be superuser to read files")))); + (errmsg("must be superuser or replication role to read files")))); /* handle optional arguments */ if (PG_NARGS() >= 3) @@ -235,10 +235,10 @@ pg_read_binary_file(PG_FUNCTION_ARGS) char *filename; bytea *result; - if (!superuser()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be superuser to read files")))); + (errmsg("must be superuser or replication role to read files")))); /* handle optional arguments */ if (PG_NARGS() >= 3) 
@@ -312,10 +312,10 @@ pg_stat_file(PG_FUNCTION_ARGS) TupleDesc tupdesc; bool missing_ok = false; - if (!superuser()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be superuser to get file information")))); + (errmsg("must be superuser or replication role to get file information")))); /* check the optional argument */ if (PG_NARGS() == 2) @@ -398,10 +398,10 @@ pg_ls_dir(PG_FUNCTION_ARGS) directory_fctx *fctx; MemoryContext oldcontext; - if (!superuser()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be superuser to get directory listings")))); + (errmsg("must be superuser or replication role to get directory listings")))); if (SRF_IS_FIRSTCALL()) {
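Review bot: In the func.sgml hunk, "restricted to superusers and replication roles" does not match what the code tests: has_rolreplication(GetUserId()) checks the REPLICATION attribute of the current user, not membership in some "replication role". Suggest wording it the way the rest of the manual names role attributes, e.g. "restricted to superusers and to roles with the REPLICATION privilege", and keeping the preceding sentence about the cluster directory and log_directory as the only reachable paths, since that restriction is unchanged for such roles.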
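Review bot: In the pg_read_file hunk, the relaxed check lets any role with REPLICATION read every file under the cluster directory or log_directory with no filtering, while the cover letter itself points out that a base backup filters some files out. Whatever the base-backup exclusion list is meant to keep away from a replication client becomes readable through pg_read_file (and pg_read_binary_file) with this patch. Either the commit message and the func.sgml paragraph should say explicitly that these functions expose more than a base backup does and why that is acceptable, or the functions should refuse the same set of files that the base backup excludes.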
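Review bot: The pg_read_binary_file hunk is the second of four places where the identical block `if (!superuser() && !has_rolreplication(GetUserId()))` followed by an ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), ...)) is now pasted into genfile.c, differing only in the trailing message text. Factoring the privilege test into one static helper (for instance a check_genfile_privilege(const char *what_for), name only a suggestion) would make a later policy change a one-line edit and keep the four messages consistent.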
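Review bot: In the pg_stat_file hunk, as in the others, the test is has_rolreplication(GetUserId()); GetUserId() is the current user after SET ROLE, so any role that is a member of a role carrying REPLICATION can SET ROLE into it and pass this check without itself having the attribute. That may well be intended, but it widens the set of principals beyond "replication users" as described in the cover letter, and the documentation hunk should state that membership in such a role is sufficient.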
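Review bot: The pg_ls_dir hunk, like the three before it, comes with no regression test: the diff touches only doc/src/sgml/func.sgml and src/backend/utils/adt/genfile.c. Since the whole point of the patch is a change in who may call these functions, a test that creates a non-superuser role with REPLICATION and checks that pg_ls_dir/pg_stat_file/pg_read_file succeed for it, and that the same calls still fail with ERRCODE_INSUFFICIENT_PRIVILEGE for an ordinary role, would pin down the new behaviour.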
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers