On Mon, Dec 12, 2005 at 06:37:03PM -0500, Tom Lane wrote: > "Jim C. Nasby" <[EMAIL PROTECTED]> writes: > > On Mon, Dec 12, 2005 at 05:43:47PM -0500, Rod Taylor wrote: > >> A sudo equivalent would be a version of psql that always connected to > >> the database using super-user and allowed command execution based on a > >> regular expression. Bit of a hack to say the least. > > > How is that at all what you're describing? > > sudo gives you the ability to run a command as root, plain and simple. > > Perhaps you should read the sudo documentation sometime ;-). sudo > allows fairly fine-grained control over who can become which userid > and what commands they can issue. (At least the Linux version does.) > > I'm not sure that a psql sudo would have to have all that, since to > some extent it'd duplicate the existing SQL permissions machinery,
Yeah, that's taking my analogy farther than I intended. :) > but at the very least it needs to allow specification of the target > userid. There isn't any universal equivalent to "root" that we could > sensibly default to in Postgres. So you're really talking about Database owner? > Implementing sudo on the psql side would be a bit of a PITA, because > of the problem of "how do you reset role if the called command fails > (and thereby aborts your open transaction)?" On the backend side I > think it could use the same reset mechanism that already exists for > security-definer functions... Heh, I figured adding this to the grammar would be a nightmare compared to anything else; shows what (little) I know. :) -- Jim C. Nasby, Sr. Engineering Consultant [EMAIL PROTECTED] Pervasive Software http://pervasive.com work: 512-231-6117 vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461 ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
