From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Andres Freund <andres(at)anarazel(dot)de> |
Subject: | Re: DROP OWNED BY fails to clean out pg_init_privs grants |
Date: | 2024-04-30 04:40:48 |
Message-ID: | CAKFQuwYyhx01CMxmtupuMGiRwQbWTsDrDc2S88W4woaW3P=NyQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Monday, April 29, 2024, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > My solution to this was to rely on the fact that the bootstrap superuser
> is
> > assigned OID 10 regardless of its name.
>
> Yeah, I wrote it that way to start with too, but reconsidered
> because
>
> (1) I don't like hard-coding numeric OIDs. We can avoid that in C
> code but it's harder to do in SQL.
If the tests don’t involve, e.g., the predefined role pg_monitor and its
grantor of the memberships in the other predefined roles, this indeed can
be avoided. So I think my test still needs to check for 10 even if some
other superuser is allowed to produce the test output since a key output in
my case was the bootstrap superuser and the initdb roles.
> (2) It's not clear to me that this test couldn't be run by a
> non-bootstrap superuser. I think "current_user" is actually
> the correct thing for the role executing the test.
>
Agreed, testing against current_role is correct if the things being queried
were created while executing the test. I would need to do this as well to
remove the current requirement that my tests be run by the bootstrap
superuser.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander Lakhin | 2024-04-30 06:00:00 | Re: Removing unneeded self joins |
Previous Message | Richard Guo | 2024-04-30 04:16:23 | Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid |