Re: system administration functions with hardcoded superuser checks
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To: pgsql-hackers@postgresql.org
Date: 2013-01-15T14:25:40Z
Lists: pgsql-hackers
Attachments
- pg-func-superuser-checks.patch (text/plain) patch
On 12/18/12 12:09 PM, Peter Eisentraut wrote: > There are some system administration functions that have hardcoded > superuser checks, specifically: > > pg_reload_conf > pg_rotate_logfile > pg_read_file > pg_read_file_all > pg_read_binary_file > pg_read_binary_file_all > pg_stat_file > pg_ls_dir > > Some of these are useful in monitoring or maintenance tools, and the > hardcoded superuser checks require that these tools run with maximum > privileges. Couldn't we just install these functions without default > privileges and allow users to grant privileges as necessary? This is still being debated, but just for the heck of it, here is a patch for how this implementation would look like.