Re: pg_cancel_backend by non-superuser

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Noah Misch <noah(at)leadboat(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Euler Taveira de Oliveira <euler(at)timbira(dot)com>, Daniel Farina <daniel(at)heroku(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_cancel_backend by non-superuser
Date: 2011-12-06 12:12:22
Message-ID: CABUevExWZnUCWox1F7gHb4CS3+POjDu2DOjFdMq06VRXCj8VeQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Oct 2, 2011 at 23:32, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
>> On Sun, Oct 02, 2011 at 06:55:51AM -0400, Robert Haas wrote:
>>> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
>>> <euler(at)timbira(dot)com> wrote:
>>>> I see. What about passing this decision to DBA? I mean a GUC
>>>> can_cancel_session = user, dbowner (default is '' -- only superuser). You
>>>> can select one or both options. This GUC can only be changed by superuser.
>
>>> Or how about making it a grantable database-level privilege?
>
>> I think either is overkill.  You can implement any policy by interposing a
>> SECURITY DEFINER wrapper around pg_cancel_backend().
>
> I'm with Noah on this.  If allowing same-user cancels is enough to solve
> 95% or 99% of the real-world use cases, let's just do that.  There's no
> very good reason to suppose that a GUC or some more ad-hoc privileges
> will solve a large enough fraction of the rest of the cases to be worth
> their maintenance effort.  In particular, I think both of the above
> proposals assume way too much about the DBA's specific administrative
> requirements.

+1.

Torello, are you up for updating your patch to do this, for now? If
not, I'll be happy to create an updated patch that does just this, but
since you got started on it...

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Florian Weimer 2011-12-06 12:12:30 Re: Large number of open(2) calls with bulk INSERT into empty table
Previous Message Magnus Hagander 2011-12-06 12:00:46 Re: pg_upgrade if 'postgres' database is dropped