Thread

  1. Re: [HACKERS] Postgres acl

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-01-06T05:19:32Z

    > 
    > I believe I found a bug. If a user other than the postgres superuser is
    > given permission to create databases, then he should be able to destroy
    > the databases he creates. Currently he can't, at least in version 6.2.1
    > complied for SunOS 5.5. Only the poostgres superuser can delete
    > databases. If otherusers try they get the following error message:
    > 
    > "WARN:pg_database: Permission denied.
    > destroydb: database destroy failed on tmpdb."
    > 
    > eventhough this user is the database admin for tmpdb as shown in the
    > pd_database table.
    > 
    > 
    
    Here is the fix.  This bug has been around for a while:
    
    ---------------------------------------------------------------------------
    
    *** ./aclchk.c.orig	Tue Jan  6 00:10:25 1998
    --- ./aclchk.c	Tue Jan  6 00:18:40 1998
    ***************
    *** 410,416 ****
      		 * pg_database table, there is still additional permissions
      		 * checking in dbcommands.c
      		 */
    ! 		if (mode & ACL_AP)
      			return ACLCHECK_OK;
      	}
      
    --- 410,416 ----
      		 * pg_database table, there is still additional permissions
      		 * checking in dbcommands.c
      		 */
    ! 		if ((mode & ACL_WR) || (mode & ACL_AP))
      			return ACLCHECK_OK;
      	}
      
    
    
    -- 
    Bruce Momjian
    maillist@candle.pha.pa.us