[英]Can every user restore a dump using pg_restore?
I created a user on local PostgreSQL instance using this command:我使用以下命令在本地 PostgreSQL 实例上创建了一个用户:
create role testuser with login password 'test'
Then I created a blank database and used pg_restore
to restore a backup on the newly created database using this command:然后我创建了一个空白数据库并使用pg_restore
使用以下命令在新创建的数据库上恢复备份:
pg_restore -c -h 172.27.211.11 -U testuser -d abcd_test1 "E:\testbackup_20180509_2330.backup"
Surprisingly, the backup got restored.令人惊讶的是,备份恢复了。 Does that mean all users have the right to restore the database?这是否意味着所有用户都有权恢复数据库?
Is there any way to prevent a user from restoring the database?有什么办法可以防止用户恢复数据库?
Unless you gave testuser
the CREATE
permission on abcd_test1
, that can only work if all objects in the dump are in the public
schema.除非您授予testuser
对abcd_test1
的CREATE
权限, abcd_test1
只有在转储中的所有对象都在public
模式中时才能工作。 Otherwise you'd get errors as soon an pg_restore
tries to create the schemas.否则,一旦pg_restore
尝试创建模式,您就会收到错误消息。
What you observe is caused by two things:你观察到的是由两件事引起的:
Every database has CONNECT
permissions for PUBLIC
by default.默认情况下,每个数据库都具有PUBLIC
的CONNECT
权限。
the public
schema has CREATE
permissions for PUBLIC
by default.默认情况下, public
架构对PUBLIC
具有CREATE
权限。
Since PUBLIC
is the pseudo-role that everybody belongs to, testuser
can connect and create objects in the public
schema.由于PUBLIC
是每个人都属于的伪角色,因此testuser
可以在public
模式中连接和创建对象。
It is a good idea to restrict permissions on every new PostgreSQL database:限制对每个新 PostgreSQL 数据库的权限是个好主意:
REVOKE ALL ON DATABASE abcd_test1 FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
Then you can deal out permissions in a more restrictive fashion.然后,您可以以更严格的方式处理权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.