From 11523e860f8fe29f9142fb63c44e01cd0d5e7375 Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Fri, 6 Apr 2018 14:47:10 -0400 Subject: Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net --- doc/src/sgml/adminpack.sgml | 55 +++++---------------------------------------- 1 file changed, 6 insertions(+), 49 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/adminpack.sgml b/doc/src/sgml/adminpack.sgml index 1197eefbf31..2655417366c 100644 --- a/doc/src/sgml/adminpack.sgml +++ b/doc/src/sgml/adminpack.sgml @@ -12,7 +12,8 @@ pgAdmin and other administration and management tools can use to provide additional functionality, such as remote management of server log files. - Use of all these functions is restricted to superusers. + Use of all these functions is only allowed to the superuser by default but may be + allowed to other users by using the GRANT command. @@ -20,8 +21,10 @@ write access to files on the machine hosting the server. (See also the functions in , which provide read-only access.) - Only files within the database cluster directory can be accessed, but - either a relative or absolute path is allowable. + Only files within the database cluster directory can be accessed, unless the + user is a superuser or given one of the pg_read_server_files, or pg_write_server_files + roles, as appropriate for the function, but either a relative or absolute path is + allowable. @@ -113,50 +116,4 @@ function. - - The functions shown - in are deprecated - and should not be used in new applications; instead use those shown - in - and . These functions are - provided in adminpack only for compatibility with old - versions of pgAdmin. - - -
- Deprecated <filename>adminpack</filename> Functions - - - Name Return Type Description - - - - - - pg_catalog.pg_file_read(filename text, offset bigint, nbytes bigint) - text - - Alternate name for pg_read_file() - - - - pg_catalog.pg_file_length(filename text) - bigint - - Same as size column returned - by pg_stat_file() - - - - pg_catalog.pg_logfile_rotate() - integer - - Alternate name for pg_rotate_logfile(), but note that it - returns integer 0 or 1 rather than boolean - - - - -
- -- cgit v1.2.3