Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove EnsureSuper calls and revoke permissions instead #2543

Open
marcocitus opened this issue Dec 13, 2018 · 1 comment
Open

Remove EnsureSuper calls and revoke permissions instead #2543

marcocitus opened this issue Dec 13, 2018 · 1 comment
Labels
warm-up

Comments

@marcocitus
Copy link
Member

The following functions still call EnsureSuperuser() to prevent other users from executing them.

  • citus_create_restore_point
  • worker_drop_distributed_table
  • start_metadata_sync_to_node
  • stop_metadata_sync_to_node
  • lock_shard_metadata
  • lock_shard_resources
  • worker_create_truncate_trigger
  • worker_drop_distributed_table

It would be preferable to revoke their permissions from all users and then remove the call to EnsureSuperuser. That way, the administrator can decide which users can call these functions such that superuser is not required.

In addition COPY (format transmit) currently requires superuser, but we've made improvements to ensure that only files that were generated by the original user can be read. We could consider removing the superuser requirement in transmit as well.
@marcocitus
Copy link
Member Author

Labeling as a good warm-up task for learning how upgrade scripts and permissions in Postgres work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
warm-up
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marcocitus