Re: almost-super-user problems that we haven't fixed yet
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2023-01-19T19:46:01Z
Lists: pgsql-hackers
Attachments
- v5-0001-Code-review-for-ea92368.patch (text/x-diff)
On Thu, Jan 19, 2023 at 02:17:35PM -0500, Robert Haas wrote: > On Thu, Jan 19, 2023 at 12:54 PM Nathan Bossart > <nathandbossart@gmail.com> wrote: >> > OK. Might be worth a short comment. >> >> I added one. > > Thanks. I'd move it to the inner indentation level so it's closer to > the test at issue. I meant for it to cover the call to HaveNFreeProcs() as well since the same idea applies. I left it the same for now, but if you still think it makes sense to move it, I'll do so. > I would also suggest reordering the documentation and the > postgresql.conf.sample file so that reserved_connections precedes > superuser_reserved_connections, instead of following it. Makes sense. > Other than that, this seems like it might be about ready to commit, > barring objections or bug reports. Awesome. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve several permission-related error messages.
- de4d456b406b 16.0 landed
-
Integrate superuser check into has_rolreplication()
- 442f8700656b 16.0 landed
-
Small code simplification
- 3b7cd8c690f2 16.0 landed
-
Adjust interaction of CREATEROLE with role properties.
- f1358ca52dd7 16.0 landed
-
Add new GUC reserved_connections.
- 6e2775e4d4e4 16.0 landed
-
Rename ReservedBackends variable to SuperuserReservedConnections.
- fe00fec1f5d7 16.0 landed
-
Update docs and error message for superuser_reserved_connections.
- 6c1d5ba48678 16.0 landed
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 cited
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 cited
-
Add a SET option to the GRANT command.
- 3d14e171e9e2 16.0 cited