[PATCH] allow pg_current_logfile() execution under pg_monitor role
Pavlo Golub <pavlo.golub@cybertec.at>
From: Pavlo Golub <pavlo.golub@cybertec.at>
To: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-02-09T15:01:58Z
Lists: pgsql-hackers
Attachments
- 0001-allow-pg_current_logfile-execution-under-pg_monitor-.patch (application/octet-stream)
Hello,
The patch attached fixes an oversight/inconsistency of disallowing the
pg_monitor system role to execute pg_current_logfile([text]).
pgwatch3=# create user joe;
CREATE ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR: permission denied for function pg_current_logfile
pgwatch3=> reset role;
RESET
pgwatch3=# grant pg_monitor to joe;
GRANT ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR: permission denied for function pg_current_logfile
pgwatch3=> select * FROM pg_ls_logdir();
name | size | modification
----------------------------------+----------+------------------------
postgresql-2024-02-08_130906.log | 652 | 2024-02-08 13:10:04+01
(5 rows)
Best regards,
Pavlo Golub