From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Euler Taveira de Oliveira <euler(at)timbira(dot)com>, Daniel Farina <daniel(at)heroku(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pg_cancel_backend by non-superuser |
Date: | 2011-10-02 12:50:09 |
Message-ID: | 20111002125009.GA19489@tornado.leadboat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Oct 02, 2011 at 06:55:51AM -0400, Robert Haas wrote:
> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
> <euler(at)timbira(dot)com> wrote:
> > On 01-10-2011 17:44, Daniel Farina wrote:
> >> On Fri, Sep 30, 2011 at 9:30 PM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> ?wrote:
> >>> ISTM it would be reasonably non-controversial to allow users to issue
> >>> pg_cancel_backend against other sessions logged in as the same userID.
> >>> The question is whether to go further than that, and if so how much.
> >>
> >> In *every* case -- and there are many -- where we've had people
> >> express pain, this would have sufficed.
+1 for allowing that unconditionally.
> > I see. What about passing this decision to DBA? I mean a GUC
> > can_cancel_session = user, dbowner (default is '' -- only superuser). You
> > can select one or both options. This GUC can only be changed by superuser.
>
> Or how about making it a grantable database-level privilege?
I think either is overkill. You can implement any policy by interposing a
SECURITY DEFINER wrapper around pg_cancel_backend().
nm
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2011-10-02 16:01:10 | Re: Range Types - typo + NULL string constructor |
Previous Message | Simon Riggs | 2011-10-02 12:21:31 | Re: [REVIEW] pg_last_xact_insert_timestamp |