permissions denial to superuser with foreign keys

From: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
To: Pg Bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: permissions denial to superuser with foreign keys
Date: 2017-11-03 19:42:42
Message-ID: CAMkU=1y815FD9tS2=kS5NyU+YAdqjH_xD6aZLoXv3962+aiTNQ@mail.gmail.com
Lists: pgsql-bugs

I thought superusers bypassed permissions checks, but was surprised that
in this case they do not:

create user test;
create schema test;
grant all on SCHEMA test to test;
\c postgres test
create table a (x serial primary key);
create table b (x int references a(x) );
insert into a values (1);
\c postgres postgres
revoke all on SCHEMA test from test;
delete from test.a;

ERROR: permission denied for schema test
LINE 1: SELECT 1 FROM ONLY "test"."a" x WHERE "x" OPERATOR(pg_catalo...
^
QUERY: SELECT 1 FROM ONLY "test"."a" x WHERE "x" OPERATOR(pg_catalog.=) $1
FOR KEY SHARE OF x

So apparently this is because the bypass is based on the euid, not ruid, at
least in that part of the code.

Is this the way it is supposed to be? It seems like a bad idea to make the
superuser jump through a bunch of hoops to do what he wants; it is just
more places where a mistake might be made.

This does not seem to be version-specific.

Cheers,

Jeff
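
An added catalog check for the situation reported above (not part of the original message): PostgreSQL runs its internal foreign-key check queries as the owner of the table being queried, so the query below lists every table involved in a foreign key whose owner lacks USAGE on that table's schema. The column aliases are chosen here for illustration.

```sql
-- Added example: find foreign-key tables whose owner cannot use the
-- table's own schema. Any row is a table where an internal referential
-- integrity query can fail with "permission denied for schema",
-- even when the outer statement is issued by a superuser.
SELECT c.conname              AS constraint_name,
       c.conrelid::regclass   AS declared_on,      -- referencing table
       t.oid::regclass        AS checked_table,    -- table the RI query reads
       r.rolname              AS table_owner,      -- role the RI query runs as
       n.nspname              AS schema_name
FROM pg_constraint c
-- Both sides of the constraint are queried by RI triggers:
-- the referenced table on insert/update of the referencing row,
-- the referencing table on update/delete of the referenced row.
JOIN pg_class      t ON t.oid IN (c.conrelid, c.confrelid)
JOIN pg_namespace  n ON n.oid = t.relnamespace
JOIN pg_roles      r ON r.oid = t.relowner
WHERE c.contype = 'f'
  -- has_schema_privilege() is always true for superuser owners,
  -- so only non-superuser owners can appear here.
  AND NOT has_schema_privilege(r.oid, n.oid, 'USAGE')
ORDER BY schema_name, checked_table, constraint_name;
```

Run after the script in the message, this returns test.a and test.b with owner test; restoring USAGE on the schema to that role, or changing the tables' owner to a role that has it, empties the result.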
