stackoom
  简体   繁体   中英

How to GRANT priveleges to non-superuser to execute function pg_read_binary_file?

 原文  2019-08-27 05:34:45       postgresql/ security/ privileges

Question

In PostgreSQL I have a database with a custom function witch loads binary content of the file in database table by using the system function pg_read_binary_file .

If I ran this custom funtion under a user with superuser rights, it executes successfuly. But when the user does not have superuser rights, I receive an error: 

permission denied for function pg_read_binary_file

I thought that all that I need is to simply GRANT permissions to EXECUTE the funtion for such user, so I did the following: 

GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint,boolean) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint) TO someuser; 
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text) TO someuser;

If I check the permissions by 

SELECT proacl FROM pg_proc WHERE proname='pg_read_binary_file';

I get: 

{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}

As I understand, now someuser has permission to execute the function pg_read_binary_file . But when I try to run my custom function, I still receive the same error: 

permission denied for function pg_read_binary_file

So the question is how to give permission to a non-superuser to execute the function pg_read_binary_file ? Maybe there are some additional permissions that must be granted, but it is not obvious.

In the documentation on Portgres system functions for pg_read_binary_file it is written that:

Restricted to superusers by default, but other users can be granted EXECUTE to run the function.

I searched for some additional information about the way how can I give such permissions, but without luck.

1 answers

solution1
 0 ACCPTED  2019-08-27 08:58:37

There are three possibilities:

  1. You are using an old PostgreSQL version.

    Before commit e79350fef2917522571add750e3e21af293b50fe , this was not governed by permissions on the functions, but by hard-coded checks in the function itself.

    This doesn't seem to be your case, however, because the error messages would then read: 

     ERROR: must be superuser to read files

  2. You are not someuser when you try to execute the function. Test with 

     SELECT current_user;

  3. You are connected to a different database (eg, you changed the permissions in the postgres database, but someuser connects to a different database).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question import in postgresql 9.5 with pg_read_binary_file PostgreSQL 14.5 pg_read_binary_file could not open file for reading: Invalid argument PostgreSQL 9.x - pg_read_binary_file & inserting files into bytea Non-SuperUser Database Management AWS RDS: how to grant SELECT PG_BUFFERCACHE to non-aws-superuser Create cast as a non-superuser user with Postgresql Get the actual data of the large object using non-superuser account Is it possible for DEFAULT PRIVILEGES statements to be owned by another non-superuser role? Postgresql Foreign data wrapper error Non-superuser cannot connect if the server does not request a password Non-superuser cannot connect if the server does not request a password while using dblink
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM