| From: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Joe Conway <mail(at)joeconway(dot)com> |
| Subject: | Re: use has_privs_of_role() for pg_hba.conf |
| Date: | 2022-04-04 13:36:13 |
| Message-ID: | CAGB+Vh5epaDEu7aRokcuc_a7yG0B49u9ebpdViJHpyFN-exJtQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Apr 1, 2022 at 6:06 PM Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
>
> Hi hackers,
>
> 6198420 ensured that has_privs_of_role() is used for predefined roles,
> which means that the role inheritance hierarchy is checked instead of mere
> role membership. However, inheritance is still not respected for
> pg_hba.conf. Specifically, "samerole", "samegroup", and "+" still use
> is_member_of_role_nosuper().
>
> The attached patch introduces has_privs_of_role_nosuper() and uses it for
> the aforementioned pg_hba.conf functionality. I think this is desirable
> for consistency. If a role_a has membership in role_b but none of its
> privileges (i.e., NOINHERIT), does it make sense that role_a should match
> +role_b in pg_hba.conf? It is true that role_a could always "SET ROLE
> role_b", and with this change, the user won't even have the ability to log
> in to run SET ROLE. But I'm not sure if that's a strong enough argument
> for deviating from the standard role privilege checks.
>
> Thoughts?
>
Good catch, I think this is a logical followup to the previous
has_privs_of_role patch.
Reviewed and +1
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Steele | 2022-04-04 13:56:26 | Re: Postgres restart in the middle of exclusive backup and the presence of backup_label file |
| Previous Message | Jesper Pedersen | 2022-04-04 13:23:58 | Re: GSoC: pgmoneta, storage API |