Re: Allow pg_dumpall to work without pg_authid
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robins Tharakan <tharakan@gmail.com>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2017-02-19T21:50:53Z
Lists: pgsql-hackers
Robins, * Robins Tharakan (tharakan@gmail.com) wrote: > On 19 February 2017 at 17:02, Robins Tharakan <tharakan@gmail.com> wrote: > > On Sun, 19 Feb 2017 at 10:08 Stephen Frost <sfrost@snowman.net> wrote: > >> If anything, it should use pg_roles, not pg_user. > >> > >> I don't really like the "--avoid-pgauthid" option, but "--no-passwords" > >> would probably work. > >> > > '--no-passwords' is a good alternative. > > Would submit a patch soon. > > > After reviewing further, it seems that merely adding a password related > workaround wouldn't suffice. Further --no-password is already an alias for > -w, so that flag is effectively taken. Ah, yes, that makes --no-passwords a bad name. The other changes to use pg_roles instead of pg_authid when rolpassword isn't being used look like they should just be changed to use pg_roles instead of using one or the other. That should be an independent patch from the one which adds the option we are discussing. > Since the main restriction with AWS RDS is the unavailability of pg_authid, > probably that is a better basis to name the flag on. I don't like the idea of having the catalog name drive the option name. For one thing, there's been some discussion of using column-level privs on catalogs, which would actually make it such that pg_authid could be queried by regular users for the public columns. Perhaps --no-role-passwords instead? > Attaching a patch to add a new flag (--no-pgauthid) to pg_dumpall that can > dump Globals without needing pg_authid. So the following works with AWS RDS > Postgres databases. > > pg_dumpall --no-pgauthid --globals-only > a.sql Does that then work with a non-superuser account on a regular PG instance also? If not, I'd like to suggest that we consider follow-on patches to provide options for whatever else currently requires superuser on a regular install. > I'll create a Commitfest entry, if there aren't many objections. Yes, please do create a commitfest entry for this. Thanks! Stephen
Commits
-
Fix dumping role comments when using --no-role-passwords
- d82cb467bbc2 12.19 landed
- be01c8c3450e 14.12 landed
- affc46b76d50 13.15 landed
- 7e65ad197f9d 17.0 landed
- 5863bacb87c1 16.3 landed
- 12128be623fd 15.7 landed