CREATEROLE, CREATEDB

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: CREATEROLE, CREATEDB
Date: 2007-06-05 14:04:44
Message-ID: 200706051604.44929.peter_e@gmx.net
Lists: pgsql-hackers

Is it correct that a user with CREATEROLE privilege but without CREATEDB
privilege can create a user with *CREATEDB* privilege, thus bypassing his
original restrictions? This sequence doesn't look right:

pei=# create user foo1 createrole;
CREATE ROLE
pei=# \c - foo1
You are now connected to database "pei" as user "foo1".
pei=> create database test;
ERROR: permission denied to create database
pei=> create user foo2 createdb;
CREATE ROLE
pei=> \c - foo2
You are now connected to database "pei" as user "foo2".
pei=> create database test;
CREATE DATABASE

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
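
An audit query for the situation shown in the transcript, added here as an example that is not part of the original message: it lists non-superuser roles that lack CREATEDB themselves but hold CREATEROLE, either directly or through a role they are a member of. It assumes the server behaves as in the transcript and that membership in a role permits SET ROLE to it; the output column names are illustrative.

```sql
-- Added audit example (not from the original message).
-- Reads only the standard catalogs pg_roles and pg_auth_members.
WITH RECURSIVE reach(member, roleid) AS (
    -- every role can act as itself
    SELECT oid, oid
    FROM pg_roles
  UNION
    -- and as every role it is a direct or indirect member of
    SELECT r.member, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.roleid
)
SELECT u.rolname     AS role_name,
       u.rolcanlogin AS can_login,
       -- which role(s) supply the CREATEROLE attribute
       string_agg(g.rolname, ', ' ORDER BY g.rolname) AS createrole_via
FROM reach
JOIN pg_roles u ON u.oid = reach.member
JOIN pg_roles g ON g.oid = reach.roleid
WHERE g.rolcreaterole      -- a reachable role has CREATEROLE
  AND NOT u.rolsuper       -- superusers are unrestricted anyway
  AND NOT u.rolcreatedb    -- nominally not allowed to create databases
GROUP BY u.rolname, u.rolcanlogin
ORDER BY u.rolname;
```

In the transcript's scenario, foo1 would appear in the result with createrole_via = foo1.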
