Re: Add default role 'pg_access_server_files'
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Thomas Munro <thomas.munro@enterprisedb.com>
Cc: Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2018-01-12T02:14:14Z
Lists: pgsql-hackers
Thomas, * Thomas Munro (thomas.munro@enterprisedb.com) wrote: > On Mon, Jan 1, 2018 at 8:19 AM, Stephen Frost <sfrost@snowman.net> wrote: > > This patch adds a new default role called 'pg_access_server_files' which > > allows an administrator to GRANT to a non-superuser role the ability to > > access server-side files through PostgreSQL (as the user the database is > > running as). By itself, having this role allows a non-superuser to use > > server-side COPY and to use file_fdw (if installed by a superuser and > > GRANT'd USAGE on it). > > Not sure if you are aware of this failure? > > test file_fdw ... FAILED Thanks, I did do a make check-world, but I tend to do them in parallel and evidently missed this. The patch needs to be reworked based on discussion with Magnus anyhow, which I hope to do this weekend. Currently trying to push other patches along. :) Thanks! Stephen
Commits
-
Add default roles for file/program access
- 0fdc8495bff0 11.0 landed
-
Remove explicit superuser checks in favor of ACLs
- e79350fef291 11.0 landed
-
Support new default roles with adminpack
- 11523e860f8f 11.0 landed