Re: pg_user permissions problem (Was: Re: [HACKERS] RE: New ecgp code problem.)

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: scrappy@hub.org (The Hermit Hacker)
Cc: meskes@topsystem.de, emkxp01@mtcc.demon.co.uk, pgsql-hackers@postgreSQL.org
Date: 1998-02-19T14:31:50Z
Lists: pgsql-hackers
> 	I spent time with Julie last night working on this, and the
> problem comes back down to "pg_user: Permission Denied"...
> 
> 	I think this is a high priority problem, since it affects so many
> things.
> 
> 	What is the chance of (how hard would it be to?) having a hard
> coded view setup that overrides the permissions lock on pg_user?  At what
> point is the lock implemented, software level, or file system?
> 

I believe the only way to fix it at this point is to remove the REVOKE
pg_user from initdb, and add a check in user.c to make sure the
permissions on pg_user are not NULL if they try and use passwords.

-- 
Bruce Momjian
maillist@candle.pha.pa.us