database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-30 06:01:21 +03:00
Code Activity

Mark some contrib modules as "trusted".

Browse Source 
This allows these modules to be installed into a database without
superuser privileges (assuming that the DBA or sysadmin has installed
the module's files in the expected place).  You only need CREATE
privilege on the current database, which by default would be
available to the database owner.

The following modules are marked trusted:

btree_gin
btree_gist
citext
cube
dict_int
earthdistance
fuzzystrmatch
hstore
hstore_plperl
intarray
isn
jsonb_plperl
lo
ltree
pg_trgm
pgcrypto
seg
tablefunc
tcn
tsm_system_rows
tsm_system_time
unaccent
uuid-ossp

In the future we might mark some more modules trusted, but there
seems to be no debate about these, and on the whole it seems wise
to be conservative with use of this feature to start out with.

Discussion: https://postgr.es/m/32315.1580326876@sss.pgh.pa.us
This commit is contained in:
Tom Lane
2020-02-13 15:02:35 -05:00
parent 7fdd919ae7
commit eb67623c96
46 changed files with 174 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
doc/src/sgml/contrib.sgml
View File

@@ -54,7 +54,7 @@
Many modules supply new user-defined functions, operators, or types.
To make use of one of these modules, after you have installed the code
you need to register the new SQL objects in the database system.
In <productname>PostgreSQL</productname> 9.1 and later, this is done by executing
This is done by executing
a <xref linkend="sql-createextension"/> command. In a fresh database,
you can simply do
@@ -62,14 +62,23 @@
CREATE EXTENSION <replaceable>module_name</replaceable>;
</programlisting>
This command must be run by a database superuser. This registers the
new SQL objects in the current database only, so you need to run this
command in each database that you want
This command registers the new SQL objects in the current database only,
so you need to run it in each database that you want
the module's facilities to be available in. Alternatively, run it in
database <literal>template1</literal> so that the extension will be copied into
subsequently-created databases by default.
</para>
<para>
For all these modules, <command>CREATE EXTENSION</command> must be run
by a database superuser, unless the module is
considered <quote>trusted</quote>, in which case it can be run by any
user who has <literal>CREATE</literal> privilege on the current
database. Modules that are trusted are identified as such in the
sections that follow. Generally, trusted modules are ones that cannot
provide access to outside-the-database functionality.
</para>
<para>
Many modules allow you to install their objects in a schema of your
choice. To do that, add <literal>SCHEMA