RE: I remember why I suggested CREATE FUNCTION...AS NUL L

From: Magnus Hagander <mha(at)sollentuna(dot)net>
To: "'The Hermit Hacker'" <scrappy(at)hub(dot)org>
Cc: "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mike Mascari <mascarm(at)mascari(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: RE: I remember why I suggested CREATE FUNCTION...AS NUL L
Date: 2000-09-11 15:22:17
Message-ID: 215896B6B5E1CF11BC5600805FFEA82103D97DD5@sirius.edu.sollentuna.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> > > > 2) Change pg_dump to walk through dependencies?
> > >
> > > The trouble with that is that dependency analysis is a
> monstrous job,
> > > and one that would make pg_dump even more fragile and
> backend-version-
> > > dependent than it is now.
> >
> > One way to get around that might be to make the dumping
> routine a part
> > of the backend instead of a frontend. This is what at least
> MS SQL does.
> > So I can do for example:
> >
> > BACKUP DATABASE mydb TO DISK 'c:\foo.dump'
> > or, if I want to send the backup directly to my backup program
> > BACKUP DATABASE mydb TO PIPE 'somepipe'
> >
> > Then to reload it I just do
> > RESTORE DATABASE mydb FROM DISK 'c:\foo.dump'
> >
> >
> > Doing this might also help with permissions issues, since the entire
> > process can be run inside tbe backend (and skip security
> checks at some
> > points, assuming that it was a user with backup permissions
> who started
> > the operation)?
>
> One issue with this comes to mind ... if I allocate X meg for
> a database,
> given Y meg extra for temp tables, pg_sort, etc ... if someone has the
> ability to dump to the server itself (assuming server is
> seperate from
> client machine), doesn't that run a major risk of filling up
> disk space
> awfully quick? For instance, the dba for that database
> decides to backup
> before and after making changes, or before/after a large
> update ... what
> sorts of checks/balances are you proposing to prevent disk
> space problems?
Hmm. I was actually not thinking of that part :-) More in the way of "if he
has permissions to dump the db, he shuold check for space".

But say there are different permissions for BACKUP TO DISK and BACKUP TO
PIPE (or whatever it would be called). So you could let somebody dump it
through a TCP/IP connection without needing to trust them with handling
local disk?

> also, this is gonig to require database level access controls,
> no? something we don't have right now ... so that too is
> going to have to
> be implemented ... basically, you're gonna want some sort of 'GRANT
> BACKUP to dba;' command so that there can be more then one person with
> complete access to the database, but only one person with access to
> initial a backup ...
Umm. Yeah, that's probably right. One could make a "cheap" solution by
saying only superuser can do it. But I guess there can be situations out
there where non-superusers need to run backups.. Hmm.

In MS SQL, the commands BACKUP and RESTORE can be executed by any member of
the database wide roles db_owner (who is like the postgres superuser, I
think, except on a per-database level) or the db_backupoperator role. I
don't know how SQL standards compliant the "roles" handling in MSSQL is, but
it is a very neat tool to work with :-)

Adding database level access controls probably wouldn't be the hardest part
of doing it, I think...

//Magnus

Browse pgsql-hackers by date

  From Date Subject
Next Message Thomas Lockhart 2000-09-11 15:45:15 Re: problems with GRANT on Solaris 8
Previous Message Tom Lane 2000-09-11 15:15:58 Re: Constant propagation and similar issues