Re: [HACKERS] Postgres acl

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: kwitten@qdt.com
Cc: pgsql-hackers@postgreSQL.org
Date: 1998-01-06T05:19:32Z
Lists: pgsql-hackers
> 
> I believe I found a bug. If a user other than the postgres superuser is
> given permission to create databases, then he should be able to destroy
> the databases he creates. Currently he can't, at least in version 6.2.1
> complied for SunOS 5.5. Only the poostgres superuser can delete
> databases. If otherusers try they get the following error message:
> 
> "WARN:pg_database: Permission denied.
> destroydb: database destroy failed on tmpdb."
> 
> eventhough this user is the database admin for tmpdb as shown in the
> pd_database table.
> 
> 

Here is the fix.  This bug has been around for a while:

---------------------------------------------------------------------------

*** ./aclchk.c.orig	Tue Jan  6 00:10:25 1998
--- ./aclchk.c	Tue Jan  6 00:18:40 1998
***************
*** 410,416 ****
  		 * pg_database table, there is still additional permissions
  		 * checking in dbcommands.c
  		 */
! 		if (mode & ACL_AP)
  			return ACLCHECK_OK;
  	}
  
--- 410,416 ----
  		 * pg_database table, there is still additional permissions
  		 * checking in dbcommands.c
  		 */
! 		if ((mode & ACL_WR) || (mode & ACL_AP))
  			return ACLCHECK_OK;
  	}
  


-- 
Bruce Momjian
maillist@candle.pha.pa.us