Re: [HACKERS] Odd problem with pg_class ...

This problem was reported in 08/17/1999 by me and 08/30/1999 by D Herssein.
No answer received.
Both are attached.
---------------- E-mail
08/17 -----------------------------------------------------------
Hi All,

Two weeks ago somebody had reported that drop user don't remove rights from
relacl field of pg_class. This problem is more serious if you delete a group
from pg_group without remoking rigths before. It causes backend terminates
abnormally.

Maybe interesting for others!! Could anybody include DENY sql command in
TODO list.

My problem is: A group have rigths to access some table. I include a new
user in this group, but for three months he will not have rights to access
this table. So, if the new user have no rigths, he will get rights from his
group. I think it would be enough DENY command (deny all on sometable from
newuser) includes something like "NEWUSER=" in relacl field.

Just more one question: Aclitem type have the following rigths: =arwR
(insert, select, update/delete, create rule, I suppose).
How could I grant update and revoke delete permissions on a table ?

Best Regards,

Ricardo Coelho.
----------------------------------------------------------------------------
---------------------
-------------- E-mail
08/30 -------------------------------------------------------------------
Hi Denny,

I solved this problem (backend crashes when we delete a group without
revoking privileges) adding the group again with the same grosysid, revoking
all privileges on all tables and deleting this group.

Best Regards,

Ricardo Coelho.

----- Original Message -----
From: D Herssein <denny(at)namsi(dot)com>
To: Ricardo Coelho <rcoelho(at)px(dot)com(dot)br>
Sent: Monday, August 30, 1999 1:03 PM
Subject: HELP Re: pg_group, etc..

> I just read your post AFTER I sent the HELP request to the group.
> I must have deleted the group/user in the wrong order while playing with
> the db trying to learn how to gran group access to users.
> How do I get myself back to normal?
>
>
> --
> Life is complicated. But the simpler alternatives are not very
> desirable. (R' A. Kahn)
>

----------------------------------------------------------------------------
-------------------

----- Original Message -----
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: The Hermit Hacker <scrappy(at)hub(dot)org>
Cc: <pgsql-hackers(at)postgreSQL(dot)org>
Sent: Thursday, September 02, 1999 12:03 PM
Subject: Re: [HACKERS] Odd problem with pg_class ...

> The Hermit Hacker <scrappy(at)hub(dot)org> writes:
> > NOTICE: get_groname: group 0 not found
> > pqReadData() -- backend closed the channel unexpectedly.
>
> get_groname returns NULL on failure, and it looks like aclitemout
> in backend/utils/adt/acl.c isn't checking for that. Probably
> aclitemout ought to produce the decimal equivalent of the group ID
> if no name is available. Compare what it does in the UID case just
> above.
>
> BTW, the ifdef'd out elog(NOTICE) in the UID case could be re-enabled
> now, because I fixed the FE/BE protocol problem with NOTICEs generated
> by type conversion routines...
>
> regards, tom lane
>
> ************
>
>