| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: pg_dump is broken by recent privileges changes |
| Date: | 2003-02-10 19:07:37 |
| Message-ID: | Pine.LNX.4.44.0302101451210.6138-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane writes:
> REVOKE ALL ON SCHEMA public FROM PUBLIC;
>
> which fails with
>
> ERROR: dependent privileges exist (use CASCADE to revoke them too)
Not here.
> This message seems incorrect --- what is a dependent privilege, and
> why would PUBLIC have any?
The term "dependent privilege" is explained on the REVOKE reference page.
And no, PUBLIC wouldn't ever have any.
> Also, pg_dump itself seems confused --- the full text of a dump from
> an empty DB is (omitting comment lines)
>
> \connect - postgres
> REVOKE ALL ON SCHEMA public FROM PUBLIC;
> GRANT ALL ON SCHEMA public TO PUBLIC;
> GRANT ALL ON SCHEMA public TO PUBLIC;
> REVOKE ALL ON SCHEMA public FROM postgres;
>
> which is not only inefficient but wrong, since public surely should
> have privileges when the dust settles.
The second GRANT is a bug because the buffer wasn't cleared. The other
commands are correct as far as pg_dump is concerned. At the end the
privileges are exactly "=UC/postgres", which is what they are by default.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-02-10 19:07:46 | Re: Status report: regex replacement |
| Previous Message | Peter Eisentraut | 2003-02-10 19:00:26 | Re: Why is lc_messages restricted? |