每个用户都可以使用 pg_restore 恢复转储吗?
[英]Can every user restore a dump using pg_restore?
问题描述
I created a user on local PostgreSQL instance using this command:
我使用以下命令在本地 PostgreSQL 实例上创建了一个用户:
create role testuser with login password 'test'
Then I created a blank database and used pg_restore to restore a backup on the newly created database using this command:然后我创建了一个空白数据库并使用pg_restore使用以下命令在新创建的数据库上恢复备份:
pg_restore -c -h 172.27.211.11 -U testuser -d abcd_test1 "E:\testbackup_20180509_2330.backup"
Surprisingly, the backup got restored.令人惊讶的是,备份恢复了。 Does that mean all users have the right to restore the database?这是否意味着所有用户都有权恢复数据库?
Is there any way to prevent a user from restoring the database?有什么办法可以防止用户恢复数据库?
1 个解决方案
解决方案1
4 2018-05-11 06:52:21
Unless you gave testuser the CREATE permission on abcd_test1 , that can only work if all objects in the dump are in the public schema.除非您授予testuser对abcd_test1的CREATE权限, abcd_test1只有在转储中的所有对象都在public模式中时才能工作。 Otherwise you'd get errors as soon an pg_restore tries to create the schemas.否则,一旦pg_restore尝试创建模式,您就会收到错误消息。
What you observe is caused by two things:你观察到的是由两件事引起的:
Every database has
CONNECTpermissions forPUBLICby default.默认情况下,每个数据库都具有PUBLIC的CONNECT权限。the
publicschema hasCREATEpermissions forPUBLICby default.默认情况下, public架构对PUBLIC具有CREATE权限。
Since PUBLIC is the pseudo-role that everybody belongs to, testuser can connect and create objects in the public schema.由于PUBLIC是每个人都属于的伪角色,因此testuser可以在public模式中连接和创建对象。
It is a good idea to restrict permissions on every new PostgreSQL database:限制对每个新 PostgreSQL 数据库的权限是个好主意:
REVOKE ALL ON DATABASE abcd_test1 FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
Then you can deal out permissions in a more restrictive fashion.然后,您可以以更严格的方式处理权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.