Re: SET ROLE and reserved roles

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SET ROLE and reserved roles
Date: 2016-05-03 15:08:53
Message-ID: 20160503150852.GM10850@tamriel.snowman.net
Lists: pgsql-hackers

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Tue, Apr 26, 2016 at 7:39 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> > On Mon, Apr 25, 2016 at 6:55 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> Based on our discussion at PGConf.US and the comments up-thread from
> >> Tom, I'll work up a patch to remove those checks around SET ROLE and
> >> friends which were trying to prevent default roles from possibly being
> >> made to own objects.
> >>
> >> Should the checks, which have been included since nearly the start of
> >> this version of the patch, to prevent users from GRANT'ing other rights
> >> to the default roles remain? Or should those also be removed? I
> >> *think* pg_dump/pg_upgrade would be fine with rights being added, and if
> >> we aren't preventing ownership of objects then we aren't going to be
> >> able to remove such roles in any case.
> >
> > It'd be good to test that that works. If it does, I think we may as
> > well allow it.
> >
> >> Of course, with these default roles, users can't REVOKE the rights which
> >> are granted to them as that happens in C code, outside of the GRANT
> >> system.
> >
> > I think you mean that they can't revoke the special magic rights, but
> > they could revoke any additional privileges which were granted.
> >
> >> Working up a patch to remove these checks should be pretty quickly done
> >> (iirc, I've actually got an independent patch around from when I added
> >> them, just need to find it and then go through the committed patches to
> >> make sure I take care of everything), but would like to make sure that
> >> we're now all on the same page and that *all* of these checks should be
> >> removed, making default roles just exactly like "regular" roles, except
> >> that they're created at initdb time and have "special" rights provided
> >> by C-level code checks.
> >
> > That's what I'm thinking. I would welcome other views.
>
> Ping!

Thanks. I'm planning to post a patch tomorrow to remove these checks.

Thanks again!

Stephen
