Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Great, thanks. I'll be doing more review of it myself and see about
> pushing it later this afternoon.
Took a bit longer as I wanted to check over a few more things, but I've
now pushed this. Thanks much for all of the help with review
Michael,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Mon, Apr 02, 2018 at 05:09:21PM -0400, Stephen Frost wrote:
> > * Michael Paquier (mich...@paquier.xyz) wrote:
> >> No refactoring for pg_file_unlink and its v1.1?
> >
> > I considered each function and thought about if it'd make sense
On Mon, Apr 02, 2018 at 05:09:21PM -0400, Stephen Frost wrote:
> * Michael Paquier (mich...@paquier.xyz) wrote:
>> No refactoring for pg_file_unlink and its v1.1?
>
> I considered each function and thought about if it'd make sense to
> refactor them or if they were simple enough that the
Michael, all,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Sun, Apr 01, 2018 at 09:39:02AM -0400, Stephen Frost wrote:
> > Thanks for checking. Attached is an updated version which also includes
> > the changes for adminpack, done in a similar manner to how pgstattuple
> > was updated, as
On Sun, Apr 01, 2018 at 09:39:02AM -0400, Stephen Frost wrote:
> Thanks for checking. Attached is an updated version which also includes
> the changes for adminpack, done in a similar manner to how pgstattuple
> was updated, as discussed. Regression tests updated and extended a bit,
> doc
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Sun, Mar 25, 2018 at 09:43:25PM -0400, Stephen Frost wrote:
> > * Michael Paquier (mich...@paquier.xyz) wrote:
> >> On Thu, Mar 08, 2018 at 10:15:11AM +0900, Michael Paquier wrote:
> >> > Other than that the patch looks in pretty good
On Sun, Mar 25, 2018 at 09:43:25PM -0400, Stephen Frost wrote:
> * Michael Paquier (mich...@paquier.xyz) wrote:
>> On Thu, Mar 08, 2018 at 10:15:11AM +0900, Michael Paquier wrote:
>> > Other than that the patch looks in pretty good shape to me.
>>
>> The regression tests of file_fdw are blowing
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Thu, Mar 08, 2018 at 10:15:11AM +0900, Michael Paquier wrote:
> > Other than that the patch looks in pretty good shape to me.
>
> The regression tests of file_fdw are blowing up because of an error
> string patch 2 changes.
Fixed in
Greetings Michael,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Tue, Mar 06, 2018 at 10:00:54AM -0500, Stephen Frost wrote:
> > Attached is an updated patch which splits up the permissions as
> > suggested up-thread by Magnus:
> >
> > The default roles added are:
> >
> > *
Magnus, all,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Tue, Jan 2, 2018 at 1:08 PM, Stephen Frost wrote:
> > Suggestions on a name for this..? pg_server_copy_program?
>
> Presumably it would also be used in postgres_fdw, so that seems like a bad
> name. Maybe
Ok great. Thanks Michael and Stephen for the explanations.
Michael, all,
* Michael Paquier (michael.paqu...@gmail.com) wrote:
> On Thu, Jan 18, 2018 at 02:04:45PM +, Ryan Murphy wrote:
> > I had not tried this before with my unpatched build of postgres. (In
> > retrospect of course I should have). I expected my superuser to be
> > able to perform
On Thu, Jan 18, 2018 at 02:04:45PM +, Ryan Murphy wrote:
> I had not tried this before with my unpatched build of postgres. (In
> retrospect of course I should have). I expected my superuser to be
> able to perform this task, but it seems that for security reasons we
> presently don't allow
Just circling back on this.
I did have a question that came up about the behavior of the server as it is
without the patch. I logged into psql with my superuser "postgres":
postgres=# select pg_read_file('/Users/postgres/temp');
ERROR: absolute path not allowed
I had not tried this
Thomas,
* Thomas Munro (thomas.mu...@enterprisedb.com) wrote:
> On Mon, Jan 1, 2018 at 8:19 AM, Stephen Frost wrote:
> > This patch adds a new default role called 'pg_access_server_files' which
> > allows an administrator to GRANT to a non-superuser role the ability to
> >
On Mon, Jan 1, 2018 at 8:19 AM, Stephen Frost wrote:
> Greetings,
>
> This patch adds a new default role called 'pg_access_server_files' which
> allows an administrator to GRANT to a non-superuser role the ability to
> access server-side files through PostgreSQL (as the user
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: not tested
Documentation:tested, passed
I ran make installcheck-world and all tests passed except one
(Duplicated to make sure it's in the commitfest Thread, didn't seem to get in
there when I replied to the email)
Oops! I made a mistake, which clearly showed up in my last email: I forgot to
psql back in as "tester".
Now I get the right behavior:
$ psql postgres tester
postgres=>
Oops! I made a mistake, which clearly showed up in my last email: I forgot
to psql back in as "tester".
Now I get the right behavior:
$ psql postgres tester
psql (9.4.5, server 11devel)
Type "help" for help.
postgres=> select pg_read_file('/Users/postgres/temp');
ERROR: absolute path not
Hi Stephen,
I have another question then based on what you said earlier today, and some
testing I did using your patch.
TLDR: I created a role "tester" and was (as expected) not able to perform
pg_read_file() on files outside the data directory.
But then I granted EXECUTE on that function for
Greetings Ryan!
* Ryan Murphy (ryanfmur...@gmail.com) wrote:
> Stephen, so far I've read thru your patch and familiarized myself with some
> of the auth functionality in pg_authid.h and src/backend/utils/adt/acl.c
>
> The only question I have so far about your patch is the last several hunks of
Stephen, so far I've read thru your patch and familiarized myself with some of
the auth functionality in pg_authid.h and src/backend/utils/adt/acl.c
The only question I have so far about your patch is the last several hunks of
the diff, which remove superuser checks without adding anything
On Tue, Jan 2, 2018 at 1:08 PM, Stephen Frost wrote:
> Magnus,
>
> * Magnus Hagander (mag...@hagander.net) wrote:
> > On Sun, Dec 31, 2017 at 8:19 PM, Stephen Frost
> wrote:
> > > This patch adds a new default role called 'pg_access_server_files'
> which
Magnus,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Sun, Dec 31, 2017 at 8:19 PM, Stephen Frost wrote:
> > This patch adds a new default role called 'pg_access_server_files' which
> > allows an administrator to GRANT to a non-superuser role the ability to
> > access
On Sun, Dec 31, 2017 at 8:19 PM, Stephen Frost wrote:
> Greetings,
>
> This patch adds a new default role called 'pg_access_server_files' which
> allows an administrator to GRANT to a non-superuser role the ability to
> access server-side files through PostgreSQL (as the user
having to have roles with
superuser access.
Thanks!
Stephen
From eb8be8ffbadcc37418dc12d59c6767e073028e35 Mon Sep 17 00:00:00 2001
From: Stephen Frost <sfr...@snowman.net>
Date: Sun, 31 Dec 2017 14:01:12 -0500
Subject: [PATCH] Add default role pg_access_server_files
This patch adds a new defaul
26 matches
Mail list logo