Re: system administration functions with hardcoded superuser checks
Simon Riggs <simon@2ndquadrant.com>
From: Simon Riggs <simon@2ndQuadrant.com>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2012-12-18T17:29:01Z
Lists: pgsql-hackers
On 18 December 2012 17:09, Peter Eisentraut <peter_e@gmx.net> wrote: > There are some system administration functions that have hardcoded > superuser checks, specifically: > > pg_reload_conf > pg_rotate_logfile > pg_read_file > pg_read_file_all > pg_read_binary_file > pg_read_binary_file_all > pg_stat_file > pg_ls_dir > > Some of these are useful in monitoring or maintenance tools, and the > hardcoded superuser checks require that these tools run with maximum > privileges. Couldn't we just install these functions without default > privileges and allow users to grant privileges as necessary? +1 But I would include recovery functions also. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services