On Fri, Aug 19, 2005 at 05:49:06PM +1200, Bernard wrote: > If the owner of an application owning the connections trusts the > application and gets the postgres superuser to grant it the right to > read from files, then it is obviously acceptable to the owner of the > application and to the postgres superuser. There is no doubt about > that and the owner of the application is not concerned with 3rd party > acceptability. This would be a solution even if Postgres system files > were totally exposed. Better than nothing. I think what people are trying to tell you is that "permission to read server files" == "superuser". If the postgres superuser grants you permission to read server files, they then have access to all files in all databases in the server, i.e. they are superuser. You know, read passwords, see ident mappings, etc... So in your case, what's the problem with making your user a superuser, it's not like you're limited to just one. Finally, as someone pointed out, you can create a function to execute the copy as a superuser and let your normal user call it. No need to open up the whole system just to solve something that a five line function will do just as well. -- Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/ > Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a > tool for doing 5% of the work and then sitting around waiting for someone > else to do the other 95% so you can sue them.
Attachment:
pgpfORBi8YstU.pgp
Description: PGP signature
