On Wed, Oct 15, 2014 at 11:34 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> "Brightwell, Adam" <adam.brightw...@crunchydatasolutions.com> writes:
>> The attached patch for review implements a directory permission system that
>> allows for providing a directory read/write capability to directories for
>> COPY TO/FROM and Generic File Access Functions to non-superusers.
>
> TBH, this sounds like it's adding a lot of mechanism and *significant*
> risk of unforeseen security issues in order to solve a problem that we
> do not need to solve. The field demand for such a feature is just about
> indistinguishable from zero.

I am also not convinced that we need this. If we need to allow
non-superusers COPY permission at all, can we just exclude certain
"unsafe" directories (like the data directory, and tablespaces) and
let them access anything else? Or can we have a whitelist of
directories stored as a PGC_SUSER GUC? This seems awfully heavyweight
for what it is.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company