如何授予非超级用户特权以执行函数pg_read_binary_file?
[英]How to GRANT priveleges to non-superuser to execute function pg_read_binary_file?
问题描述
In PostgreSQL I have a database with a custom function witch loads binary content of the file in database table by using the system function pg_read_binary_file . 
在PostgreSQL中,我有一个带有自定义函数的数据库,它通过使用系统函数pg_read_binary_file将文件的二进制内容加载到数据库表中。
If I ran this custom funtion under a user with superuser rights, it executes successfuly. 如果我在具有超级用户权限的用户下运行此自定义功能,它将成功执行。 But when the user does not have superuser rights, I receive an error: 但是,当用户没有超级用户权限时,会收到错误消息:
permission denied for function pg_read_binary_file
I thought that all that I need is to simply GRANT permissions to EXECUTE the funtion for such user, so I did the following: 我认为,所有我需要的是简单的GRANT权限EXECUTE此类用户funtion,所以我做了以下内容:
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint,boolean) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text) TO someuser;
If I check the permissions by 如果我通过查看权限
SELECT proacl FROM pg_proc WHERE proname='pg_read_binary_file';
I get: 我得到:
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
As I understand, now someuser has permission to execute the function pg_read_binary_file . 据我了解,现在someuser有权限执行该功能pg_read_binary_file 。 But when I try to run my custom function, I still receive the same error: 但是,当我尝试运行自定义函数时,仍然收到相同的错误:
permission denied for function pg_read_binary_file
So the question is how to give permission to a non-superuser to execute the function pg_read_binary_file ? 因此,问题是如何授予非超级用户执行pg_read_binary_file函数的pg_read_binary_file ? Maybe there are some additional permissions that must be granted, but it is not obvious. 也许必须授予一些其他权限,但这并不明显。
In the documentation on Portgres system functions for pg_read_binary_file it is written that: 在上Portgres系统功能文档用于pg_read_binary_file则撰文指出:
Restricted to superusers by default, but other users can be granted
EXECUTEto run the function.EXECUTE运行该功能。
I searched for some additional information about the way how can I give such permissions, but without luck. 我搜索了一些有关如何授予此类权限的附加信息,但是没有运气。
1 个解决方案
解决方案1
0 已采纳 2019-08-27 08:58:37
There are three possibilities: 有三种可能性:
You are using an old PostgreSQL version.
您正在使用旧的PostgreSQL版本。 Before commit e79350fef2917522571add750e3e21af293b50fe , this was not governed by permissions on the functions, but by hard-coded checks in the function itself.
在提交e79350fef2917522571add750e3e21af293b50fe之前,这不受功能权限的限制,而是由功能本身中的硬编码检查决定的。 This doesn't seem to be your case, however, because the error messages would then read:
但是,这似乎不是您的情况,因为错误消息将显示为: ERROR: must be superuser to read filesYou are not
someuserwhen you try to execute the function.你是不是someuser当您尝试执行功能。 Test with测试 SELECT current_user;You are connected to a different database (eg, you changed the permissions in the
postgresdatabase, butsomeuserconnects to a different database).您已连接到另一个数据库(例如,您更改了postgres数据库中的权限,但someuser连接到另一个数据库)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.