mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
Use GRANT system to manage access to sensitive functions
Now that pg_dump will properly dump out any ACL changes made to functions which exist in pg_catalog, switch to using the GRANT system to manage access to those functions. This means removing 'if (!superuser()) ereport()' checks from the functions themselves and then REVOKEing EXECUTE right from 'public' for these functions in system_views.sql. Reviews by Alexander Korotkov, Jose Luis Tallon
This commit is contained in:
Stephen Frost
@ -826,7 +826,9 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_xlog/
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Connect to the database as a superuser and issue the command:
|
||||
Connect to the database as a user with rights to run pg_start_backup
|
||||
(superuser, or a user who has been granted EXECUTE on the function)
|
||||
and issue the command:
|
||||
<programlisting>
|
||||
SELECT pg_start_backup('label');
|
||||
</programlisting>
|
||||
@ -877,7 +879,9 @@ SELECT pg_start_backup('label', true);
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Again connect to the database as a superuser, and issue the command:
|
||||
Again connect to the database as a user with rights to run
|
||||
pg_stop_backup (superuser, or a user who has been granted EXECUTE on
|
||||
the function), and issue the command:
|
||||
<programlisting>
|
||||
SELECT pg_stop_backup();
|
||||
</programlisting>
|
||||
|
||||
@ -17339,8 +17339,9 @@ SELECT set_config('log_statement_stats', 'off', false);
|
||||
<para>
|
||||
The functions shown in <xref
|
||||
linkend="functions-admin-signal-table"> send control signals to
|
||||
other server processes. Use of these functions is usually restricted
|
||||
to superusers, with noted exceptions.
|
||||
other server processes. Use of these functions is restricted to
|
||||
superusers by default but access may be granted to others with the
|
||||
<command>GRANT</command>, with noted exceptions.
|
||||
</para>
|
||||
|
||||
<table id="functions-admin-signal-table">
|
||||
@ -17490,7 +17491,7 @@ SELECT set_config('log_statement_stats', 'off', false);
|
||||
<literal><function>pg_create_restore_point(<parameter>name</> <type>text</>)</function></literal>
|
||||
</entry>
|
||||
<entry><type>pg_lsn</type></entry>
|
||||
<entry>Create a named point for performing restore (restricted to superusers)</entry>
|
||||
<entry>Create a named point for performing restore (restricted to superusers by default, but other users can be granted EXECUTE to run the function)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
@ -17518,21 +17519,21 @@ SELECT set_config('log_statement_stats', 'off', false);
|
||||
<literal><function>pg_start_backup(<parameter>label</> <type>text</> <optional>, <parameter>fast</> <type>boolean</> <optional>, <parameter>exclusive</> <type>boolean</> </optional></optional>)</function></literal>
|
||||
</entry>
|
||||
<entry><type>pg_lsn</type></entry>
|
||||
<entry>Prepare for performing on-line backup (restricted to superusers or replication roles)</entry>
|
||||
<entry>Prepare for performing on-line backup (restricted to superusers by default, but other users can be granted EXECUTE to run the function)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal><function>pg_stop_backup()</function></literal>
|
||||
</entry>
|
||||
<entry><type>pg_lsn</type></entry>
|
||||
<entry>Finish performing exclusive on-line backup (restricted to superusers or replication roles)</entry>
|
||||
<entry>Finish performing exclusive on-line backup (restricted to superusers by default, but other users can be granted EXECUTE to run the function)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal><function>pg_stop_backup(<parameter>exclusive</> <type>boolean</>)</function></literal>
|
||||
</entry>
|
||||
<entry><type>setof record</type></entry>
|
||||
<entry>Finish performing exclusive or non-exclusive on-line backup (restricted to superusers or replication roles)</entry>
|
||||
<entry>Finish performing exclusive or non-exclusive on-line backup (restricted to superusers by default, but other users can be granted EXECUTE to run the function)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
@ -17553,7 +17554,7 @@ SELECT set_config('log_statement_stats', 'off', false);
|
||||
<literal><function>pg_switch_xlog()</function></literal>
|
||||
</entry>
|
||||
<entry><type>pg_lsn</type></entry>
|
||||
<entry>Force switch to a new transaction log file (restricted to superusers)</entry>
|
||||
<entry>Force switch to a new transaction log file (restricted to superusers by default, but other users can be granted EXECUTE to run the function)</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
@ -17821,7 +17822,7 @@ postgres=# SELECT * FROM pg_xlogfile_name_offset(pg_stop_backup());
|
||||
<literal><function>pg_xlog_replay_pause()</function></literal>
|
||||
</entry>
|
||||
<entry><type>void</type></entry>
|
||||
<entry>Pauses recovery immediately (restricted to superusers).
|
||||
<entry>Pauses recovery immediately (restricted to superusers by default, but other users can be granted EXECUTE to run the function).
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
@ -17829,7 +17830,7 @@ postgres=# SELECT * FROM pg_xlogfile_name_offset(pg_stop_backup());
|
||||
<literal><function>pg_xlog_replay_resume()</function></literal>
|
||||
</entry>
|
||||
<entry><type>void</type></entry>
|
||||
<entry>Restarts recovery if it was paused (restricted to superusers).
|
||||
<entry>Restarts recovery if it was paused (restricted to superusers by default, but other users can be granted EXECUTE to run the function).
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
|
||||
@ -2289,7 +2289,8 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
|
||||
<entry><type>void</type></entry>
|
||||
<entry>
|
||||
Reset all statistics counters for the current database to zero
|
||||
(requires superuser privileges)
|
||||
(requires superuser privileges by default, but EXECUTE for this
|
||||
function can be granted to others.)
|
||||
</entry>
|
||||
</row>
|
||||
|
||||
@ -2298,7 +2299,8 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
|
||||
<entry><type>void</type></entry>
|
||||
<entry>
|
||||
Reset some cluster-wide statistics counters to zero, depending on the
|
||||
argument (requires superuser privileges).
|
||||
argument (requires superuser privileges by default, but EXECUTE for
|
||||
this functiion can be granted to others).
|
||||
Calling <literal>pg_stat_reset_shared('bgwriter')</> will zero all the
|
||||
counters shown in the <structname>pg_stat_bgwriter</> view.
|
||||
Calling <literal>pg_stat_reset_shared('archiver')</> will zero all the
|
||||
@ -2311,7 +2313,8 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
|
||||
<entry><type>void</type></entry>
|
||||
<entry>
|
||||
Reset statistics for a single table or index in the current database to
|
||||
zero (requires superuser privileges)
|
||||
zero (requires superuser privileges by default, but EXECUTE for this
|
||||
function can be granted to others)
|
||||
</entry>
|
||||
</row>
|
||||
|
||||
@ -2320,7 +2323,8 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
|
||||
<entry><type>void</type></entry>
|
||||
<entry>
|
||||
Reset statistics for a single function in the current database to
|
||||
zero (requires superuser privileges)
|
||||
zero (requires superuser privileges by default, but EXECUTE for this
|
||||
function can be granted to others)
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
|
||||
Reference in New Issue
Block a user