In PostgreSQL I have a database with a custom function witch loads binary content of the file in database table by using the system function pg_read_binary_file
.
If I ran this custom funtion under a user with superuser rights, it executes successfuly. But when the user does not have superuser rights, I receive an error:
permission denied for function pg_read_binary_file
I thought that all that I need is to simply GRANT
permissions to EXECUTE
the funtion for such user, so I did the following:
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint,boolean) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text,bigint,bigint) TO someuser;
GRANT EXECUTE ON FUNCTION pg_read_binary_file(text) TO someuser;
If I check the permissions by
SELECT proacl FROM pg_proc WHERE proname='pg_read_binary_file';
I get:
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
{postgres=X/postgres,someuser=X/postgres}
As I understand, now someuser
has permission to execute the function pg_read_binary_file
. But when I try to run my custom function, I still receive the same error:
permission denied for function pg_read_binary_file
So the question is how to give permission to a non-superuser to execute the function pg_read_binary_file
? Maybe there are some additional permissions that must be granted, but it is not obvious.
In the documentation on Portgres system functions for pg_read_binary_file
it is written that:
Restricted to superusers by default, but other users can be granted
EXECUTE
to run the function.
I searched for some additional information about the way how can I give such permissions, but without luck.
There are three possibilities:
You are using an old PostgreSQL version.
Before commit e79350fef2917522571add750e3e21af293b50fe , this was not governed by permissions on the functions, but by hard-coded checks in the function itself.
This doesn't seem to be your case, however, because the error messages would then read:
ERROR: must be superuser to read files
You are not someuser
when you try to execute the function. Test with
SELECT current_user;
You are connected to a different database (eg, you changed the permissions in the postgres
database, but someuser
connects to a different database).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.