Search Postgresql Archives

Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

xof@thebuild.com wrote:

bryn@xxxxxxxxxxxx wrote:

What are you seeing that I'm failing to?

It works correctly for me, on MacOS:

create user r1;
revoke execute on function pg_terminate_backend from r1;

(reconnect as r1)

select pg_terminate_backend(123);

ERROR:  permission denied for function pg_terminate_backend

Yes—this is what you all say. I suspect some-or-other setting that I’m unaware of. I tried (part of) Tom's test, thus:

\c postgres postgres
drop user if exists joe;
create user joe;
\c - joe

At first, the attempt to connect as "joe" failed for me because I had hardened my "postgres" database thus:

revoke all on database postgres from public;
alter database postgres connection limit = 0;

I say this only to emphasize that there are always things that are critical that are elided in a testcase that tries to be minimal.

So it seems that there's something critical about my env that I'm failing to tell you all. But what can it be?

I just recruited a colleague to try Tom's minimal test. He saw what I did. That "joe" *is* able to invoke "pg_terminate_backend()" even after revoking execute on it from public. So he's doing the same pilot error as me.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux