[PATCH] allow pg_current_logfile() execution under pg_monitor role

Pavlo Golub <pavlo.golub@cybertec.at>

From: Pavlo Golub <pavlo.golub@cybertec.at>
To: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-02-09T15:01:58Z
Lists: pgsql-hackers

Attachments

Hello,

The patch attached fixes an oversight/inconsistency of disallowing the
pg_monitor system role to execute pg_current_logfile([text]).

pgwatch3=# create user joe;
CREATE ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR:  permission denied for function pg_current_logfile
pgwatch3=> reset role;
RESET
pgwatch3=# grant pg_monitor to joe;
GRANT ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR:  permission denied for function pg_current_logfile
pgwatch3=> select * FROM pg_ls_logdir();
               name               |   size   |      modification
----------------------------------+----------+------------------------
 postgresql-2024-02-08_130906.log |      652 | 2024-02-08 13:10:04+01
(5 rows)

Best regards,
Pavlo Golub