| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Alexey Bashtanov <bashtanov(at)imap(dot)cc>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #9923: "reassign owned" does not change permissions grantor |
| Date: | 2015-12-17 20:14:53 |
| Message-ID: | 20151217201453.GA27799@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Wed, Dec 16, 2015 at 07:40:05PM -0300, Alvaro Herrera wrote:
> Bruce Momjian wrote:
> > On Fri, Jan 9, 2015 at 01:19:48PM -0500, Bruce Momjian wrote:
> > > I can confirm this bug report from April, and your analysis of the fixes
> > > --- we were missing calls to aclnewowner() for types, foreign servers,
> > > and foreign data wrappers, for both REASSIGN and ALTER OWNER TO.
> > >
> > > With the attached SQL script you can see the ACL fields properly
> > > changing to match the object owner (attached). Without the patch, only
> > > the table's ACL changes.
> > >
> > > The patch also changes the regression output --- I think that is because
> > > the object ownership changes remove certain duplicates from the ACL
> > > list.
> >
> > Patch applied. Thank you for the excellent bug report.
>
> I just realized that you didn't backpatch this bug fix, and therefore my
> fix for bug #13666 fails to cherry-pick sanely on 9.4 and earlier.
>
> I think this should be back-patched.
>
> This is the changelog entry:
>
> Author: Bruce Momjian <bruce(at)momjian(dot)us>
> Branch: master Release: REL9_5_BR [59367fdf9] 2015-01-22 12:36:55 -0500
>
> adjust ACL owners for REASSIGN and ALTER OWNER TO
>
> When REASSIGN and ALTER OWNER TO are used, both the object owner and ACL
> list should be changed from the old owner to the new owner. This patch
> fixes types, foreign data wrappers, and foreign servers to change their
> ACL list properly; they already changed owners properly.
>
> BACKWARD INCOMPATIBILITY?
Backpatching seems fine to me. I was just concerned if anyone was
relying on the existing buggy behavior. We do list this item as a 9.5
incompatibility, so the question is whether we can add an
incompatibility to back branches:
Fix <link linkend="SQL-REASSIGN-OWNED"><command>REASSIGN OWNED</></>
and <link linkend="SQL-ALTERTYPE"><command>ALTER OWNER TO</></>
to properly update permissions lists (ACLs) when changing ownership of
types, foreign data wrappers, and foreign servers (Bruce Momjian)
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-12-17 20:21:46 | Re: BUG #9923: "reassign owned" does not change permissions grantor |
| Previous Message | Kevin Grittner | 2015-12-17 19:34:42 | Re: BUG #13681: Serialization failures caused by new multixact code of 9.3 (back-patch request) |