Re: Add default role 'pg_access_server_files'

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Thomas Munro <thomas.munro@enterprisedb.com>
Cc: Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2018-01-12T02:14:14Z
Lists: pgsql-hackers
Thomas,

* Thomas Munro (thomas.munro@enterprisedb.com) wrote:
> On Mon, Jan 1, 2018 at 8:19 AM, Stephen Frost <sfrost@snowman.net> wrote:
> > This patch adds a new default role called 'pg_access_server_files' which
> > allows an administrator to GRANT to a non-superuser role the ability to
> > access server-side files through PostgreSQL (as the user the database is
> > running as).  By itself, having this role allows a non-superuser to use
> > server-side COPY and to use file_fdw (if installed by a superuser and
> > GRANT'd USAGE on it).
> 
> Not sure if you are aware of this failure?
> 
> test file_fdw                 ... FAILED

Thanks, I did do a make check-world, but I tend to do them in parallel
and evidently missed this.  The patch needs to be reworked based on
discussion with Magnus anyhow, which I hope to do this weekend.
Currently trying to push other patches along. :)

Thanks!

Stephen

Commits

  1. Add default roles for file/program access

  2. Remove explicit superuser checks in favor of ACLs

  3. Support new default roles with adminpack