Re: use has_privs_of_role() for pg_hba.conf

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: use has_privs_of_role() for pg_hba.conf
Date: 2022-10-08 16:57:02
Message-ID: CAKFQuwbbR==cUhGpv0+G=z1mgKS+8ysdtMqSgt4mMvGwAyYYQg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sat, Oct 8, 2022 at 8:47 AM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:

> On Sat, Oct 8, 2022 at 11:14 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Joe Conway <mail(at)joeconway(dot)com> writes:
> > > Thanks -- looks good to me. If there are no other comments or concerns,
> > > I will commit/push by the end of the weekend.
> >
> > Robert seems to think that this patch might be completely misguided,
> > so I'm not sure we have real consensus. I think he may have a point.
>
> I think what is bothering me is a feeling that a privilege is
> something that you get because you've authenticated. If you haven't
> authenticated yet, you have no privileges. So why should it matter
> whether the role to which you could hypothetically authenticate would
> inherit the privileges of some other role or not?
>
> Or to put it another way, I don't have any intuition for why someone
> would want the system to behave in this way rather than in the way
> that it does now.
>

I'm also in the "inheritance isn't relevant here" camp. One doesn't
inherit an ability to LOGIN from a group that has a LOGIN attribute. The
[NO]INHERIT attribute doesn't even apply. This feature is so closely
related to LOGIN that [NO]INHERIT should likewise not apply here as well.

We've decided to conjoin two arguably orthogonal concerns here and need to
keep in mind that any given aspect of the overall capability might very
well only apply to a subset of the system. In this case inheritance only
applies to object permissions, not attributes, and not authentication
(which doesn't have any kind of explicit permission bit in the system to
inherit, making it just like LOGIN).

I would tend to agree that even membership probably shouldn't be involved
here, and that this entire feature would be implemented in an orthogonal
manner. I don't see any specific need to try and move to a more isolated
implementation, but trying to involve inheritance just seems wrong. The
status quo seems like a good place to stay.

David J.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Nathan Bossart 2022-10-08 17:06:40 Re: use has_privs_of_role() for pg_hba.conf
Previous Message Andres Freund 2022-10-08 16:53:50 Re: START_REPLICATION SLOT causing a crash in an assert build