| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | "110876189(at)qq(dot)com" <110876189(at)qq(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: BUG #15371: a user who not a member of pg_read_server_files role can create a new user into pg_read_server_files |
| Date: | 2018-09-08 07:41:45 |
| Message-ID: | CAKFQuwYyGB11h7oEUp8pbgnCGzWpaa9Z+NEKZ5xk_4qrCMdyyQ@mail.gmail.com |
| Lists: | pgsql-bugs |
On Saturday, September 8, 2018, PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:
>
> 1, execute "CREATE USER mytestuser WITH PASSWORD '12345678' CREATEDB
> CREATEROLE;" use a super user;
>
So, reading the create role docs this seems to be working as designed.

“Be careful with the CREATEROLE privilege. There is no concept of
inheritance for the privileges of a CREATEROLE-role. That means that even
if a role does not have a certain privilege but is allowed to create other
roles, it can easily create another role with different privileges than its
own (except for creating roles with superuser privileges)”

David J.
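
An audit for the behaviour quoted from the docs above, added here as an example and not part of the original message or of the PostgreSQL project's own material: it lists the non-superuser roles that hold CREATEROLE and shows who belongs to the server-file default roles and which role granted that membership. It assumes PostgreSQL 11 or later (where `pg_read_server_files`, `pg_write_server_files` and `pg_execute_server_program` exist) and a superuser session; `some_role` in the final comment is a placeholder.

```sql
-- Added audit example. Assumes PostgreSQL 11+ and a superuser session.

-- 1. Non-superuser roles holding CREATEROLE: per the docs quoted above,
--    each of these can create roles with privileges it does not hold itself.
SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolcreaterole AND NOT rolsuper
ORDER BY rolname;

-- 2. Non-superuser roles that are direct or indirect members of the
--    server-file default roles (pg_has_role follows membership chains).
SELECT r.rolname AS member, d.rolname AS default_role, r.rolcanlogin
FROM pg_roles r
CROSS JOIN pg_roles d
WHERE d.rolname IN ('pg_read_server_files',
                    'pg_write_server_files',
                    'pg_execute_server_program')
  AND r.oid <> d.oid
  AND NOT r.rolsuper
  AND pg_has_role(r.oid, d.oid, 'MEMBER')
ORDER BY default_role, member;

-- 3. Direct grants of those roles with the grantor recorded in the catalog,
--    flagging grants made by a non-superuser CREATEROLE role.
SELECT g.rolname  AS granted_role,
       m.rolname  AS member,
       gr.rolname AS grantor,
       (gr.rolcreaterole AND NOT gr.rolsuper) AS grantor_is_createrole_nonsuper,
       am.admin_option
FROM pg_auth_members am
JOIN pg_roles g       ON g.oid  = am.roleid
JOIN pg_roles m       ON m.oid  = am.member
LEFT JOIN pg_roles gr ON gr.oid = am.grantor
WHERE g.rolname IN ('pg_read_server_files',
                    'pg_write_server_files',
                    'pg_execute_server_program')
ORDER BY granted_role, member;

-- Remediation for a role that should not hold CREATEROLE
-- (some_role is a placeholder name):
--   ALTER ROLE some_role NOCREATEROLE;
```

Rows from query 3 with `grantor_is_createrole_nonsuper` set to true are the memberships worth reviewing first, since they were not granted by a superuser.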