Re: Add default role 'pg_access_server_files'
Ryan Murphy <ryanfmurphy@gmail.com>
From: Ryan Murphy <ryanfmurphy@gmail.com>
To: pgsql-hackers@postgresql.org
Cc: Stephen Frost <sfrost@snowman.net>
Date: 2018-01-07T07:17:24Z
Lists: pgsql-hackers
The following review has been posted through the commitfest application: make installcheck-world: tested, passed Implements feature: tested, passed Spec compliant: not tested Documentation: tested, passed I ran make installcheck-world and all tests passed except one that is a known issue with the way I have my environment setup (ecpg tests unrelated to this patch). Manual tests I ran to see if it Implements the Feature: 1) confirmed that superuser can call pg_read_file() to read files in or out of data directory 2) confirmed that "tester" can call pg_read_file() only if given EXECUTE privilege 3) confirmed that "tester" can only call pg_read_file() on a file OUTSIDE of the data directory iff I "grant pg_access_server_files to tester;" Documentation seems reasonable. I believe this patch to be Ready for Committer. The new status of this patch is: Ready for Committer
Commits
-
Add default roles for file/program access
- 0fdc8495bff0 11.0 landed
-
Remove explicit superuser checks in favor of ACLs
- e79350fef291 11.0 landed
-
Support new default roles with adminpack
- 11523e860f8f 11.0 landed