[英]How to GRANT priveleges to non-superuser to execute function pg_read_binary_file?
In PostgreSQL I have a database with a custom function witch loads binary content of the file in database table by using the system function pg_read_binary_file
. 在PostgreSQL中,我有一个带有自定义函数的数据库,它通过使用系统函数
pg_read_binary_file
将文件的二进制内容加载到数据库表中。
If I ran this custom funtion under a user with superuser rights, it executes successfuly. 如果我在具有超级用户权限的用户下运行此自定义功能,它将成功执行。 But when the user does not have superuser rights, I receive an error:
但是,当用户没有超级用户权限时,会收到错误消息:
permission denied for function pg_read_binary_file
I thought that all that I need is to simply GRANT
permissions to EXECUTE
the funtion for such user, so I did the following: 我认为,所有我需要的是简单的
GRANT
权限EXECUTE
此类用户funtion,所以我做了以下内容:
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint,boolean) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text) TO someuser;
If I check the permissions by 如果我通过查看权限
SELECT proacl FROM pg_proc WHERE proname='pg_read_binary_file';
I get: 我得到:
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
As I understand, now someuser
has permission to execute the function pg_read_binary_file
. 据我了解,现在
someuser
有权限执行该功能pg_read_binary_file
。 But when I try to run my custom function, I still receive the same error: 但是,当我尝试运行自定义函数时,仍然收到相同的错误:
permission denied for function pg_read_binary_file
So the question is how to give permission to a non-superuser to execute the function pg_read_binary_file
? 因此,问题是如何授予非超级用户执行
pg_read_binary_file
函数的pg_read_binary_file
? Maybe there are some additional permissions that must be granted, but it is not obvious. 也许必须授予一些其他权限,但这并不明显。
In the documentation on Portgres system functions for pg_read_binary_file
it is written that: 在上Portgres系统功能文档用于
pg_read_binary_file
则撰文指出:
Restricted to superusers by default, but other users can be granted
EXECUTE
to run the function.默认情况下限制为超级用户,但可以授予其他用户
EXECUTE
运行该功能。
I searched for some additional information about the way how can I give such permissions, but without luck. 我搜索了一些有关如何授予此类权限的附加信息,但是没有运气。
There are three possibilities: 有三种可能性:
You are using an old PostgreSQL version. 您正在使用旧的PostgreSQL版本。
Before commit e79350fef2917522571add750e3e21af293b50fe , this was not governed by permissions on the functions, but by hard-coded checks in the function itself. 在提交e79350fef2917522571add750e3e21af293b50fe之前,这不受功能权限的限制,而是由功能本身中的硬编码检查决定的。
This doesn't seem to be your case, however, because the error messages would then read: 但是,这似乎不是您的情况,因为错误消息将显示为:
ERROR: must be superuser to read files
You are not someuser
when you try to execute the function. 你是不是
someuser
当您尝试执行功能。 Test with 测试
SELECT current_user;
You are connected to a different database (eg, you changed the permissions in the postgres
database, but someuser
connects to a different database). 您已连接到另一个数据库(例如,您更改了
postgres
数据库中的权限,但someuser
连接到另一个数据库)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.