Re: [HACKERS] pg_tablespace_size()

Fri, 12 Oct 2007 07:44:45 -0700 

On Fri, Oct 12, 2007 at 12:20:08PM +0100, Dave Page wrote:
> Following on from Hiroshi's earlier post:
> http://archives.postgresql.org/pgsql-hackers/2007-10/msg00324.php
> 
> Per http://archives.postgresql.org/pgsql-hackers/2007-08/msg01018.php,
> superusers should be able to use pg_tablespace_size() on any tablespace,
> however when logged in as postgres on a beta1 server, I get:
> 
> -- Executing query:
> select pg_tablespace_size('pg_global');
> 
> ERROR:  permission denied for tablespace pg_global
> 
> Can this be fixed please?

Attached is a patch I want to apply for this. Toms message at
http://archives.postgresql.org/pgsql-hackers/2007-10/msg00448.php makes me
bring it up here before I apply it.

I think the correct behaviour is that superusers should be able to do it,
and that's in the thread that Dave referred to. But since Tom said it's "by
design" in the message above, I'd like confirmation that this is ok.

Since I think that allowing superusers to do it is the only sensible thing,
I will apply this patch unless someone objects :-)

//Magnus

Index: src/backend/utils/adt/dbsize.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/utils/adt/dbsize.c,v
retrieving revision 1.14
diff -c -r1.14 dbsize.c
*** src/backend/utils/adt/dbsize.c      29 Aug 2007 17:24:29 -0000      1.14
--- src/backend/utils/adt/dbsize.c      12 Oct 2007 14:38:32 -0000
***************
*** 164,171 ****
        /*
         * User must have CREATE privilege for target tablespace, either 
explicitly
         * granted or implicitly because it is default for current database.
         */
!       if (tblspcOid != MyDatabaseTableSpace)
        {
                aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), 
ACL_CREATE);
                if (aclresult != ACLCHECK_OK)
--- 164,175 ----
        /*
         * User must have CREATE privilege for target tablespace, either 
explicitly
         * granted or implicitly because it is default for current database.
+        *
+        * Specifically check for superuser permissions here, since
+        * pg_tablespace_aclcheck() will deny access to pg_global even for
+        * superusers.
         */
!       if (tblspcOid != MyDatabaseTableSpace && !superuser())
        {
                aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), 
ACL_CREATE);
                if (aclresult != ACLCHECK_OK)

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match

Reply via email to