From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | andrewbille(at)gmail(dot)com |
Subject: | BUG #17346: pg_upgrade fails with role granted by other role |
Date: | 2021-12-27 08:38:17 |
Message-ID: | 17346-f72b28bd1a341060@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 17346
Logged by: Andrew Bille
Email address: andrewbille(at)gmail(dot)com
PostgreSQL version: Unsupported/Unknown
Operating system: Ubuntu 20.04
Description:
Hello!
After the commit:
commit 371087d006e04991080bf17cf2287db38d3ea92e
Author: Daniel Gustafsson <dgustafsson(at)postgresql(dot)org>
Date: Fri Nov 26 14:02:01 2021 +0100
Fix GRANTED BY support in REVOKE ROLE statements
Commit 6aaaa76bb added support for the GRANTED BY clause in GRANT and
REVOKE statements, but missed adding support for checking the role in
the REVOKE ROLE case. Fix by checking that the parsed role matches the
CURRENT_ROLE/CURRENT_USER requirement, and also add some tests for it.
Backpatch to v14 where GRANTED BY support was introduced.
Discussion:
https://postgr.es/m/B7F6699A-A984-4943-B9BF-CEB84C003527@yesql.se
Backpatch-through: 14
pg_upgrade for example from 10.19 version causes the error:
10/bin/initdb -D d10
14/bin/initdb -D d14
10/bin/pg_ctl -D d10 -l logfile start
10/bin/psql -c "CREATE ROLE user1; CREATE ROLE user2; GRANT user1 TO user2
GRANTED BY user1;"
10/bin/pg_ctl -D d10 -l logfile stop
14/bin/pg_upgrade -d d10 -D d14 -b 10.19/bin/ -B 14/bin/
.........
Copying old pg_multixact/members to new server ok
Setting next multixact ID and offset for new cluster ok
Resetting WAL archives ok
Setting frozenxid and minmxid counters in new cluster ok
Restoring global objects in the new cluster
*failure*
Consult the last few lines of "pg_upgrade_utility.log" for
the probable cause of the failure.
Failure, exiting
Last lines of pg_upgrade_utility.log:
...
CREATE ROLE "user2";
CREATE ROLE
ALTER ROLE "user2" WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN
NOREPLICATION NOBYPASSRLS;
ALTER ROLE
GRANT "user1" TO "user2" GRANTED BY "user1";
psql:pg_upgrade_dump_globals.sql:37: ERROR: grantor must be current user
Regards! Andrew Bille
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2021-12-27 16:02:27 | Re: BUG #17346: pg_upgrade fails with role granted by other role |
Previous Message | Masahiko Sawada | 2021-12-27 04:53:33 | Re: BUG #17345: pg_basebackup stucked for 2 hours before timeout |