| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
| Date: | 2014-10-29 14:14:48 |
| Message-ID: | 20141029141447.GE1791@alvin.alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> To articular my own concerns perhaps a bit better, there are two major
> things I don't like about the whole DIRALIAS proposal. Number one,
> you're creating this SQL object whose name is not actually used for
> anything other than manipulating the alias you created. The users are
> still operating on pathnames. That's awfully strange.
I think it would make more sense if the file-accessing command specified
the DIRALIAS (or DIRECTORY, whatever we end up calling this) and a
pathname relative to the base one. Something like
postgres=# CREATE DIRECTORY logdir ALIAS FOR '/pgsql/data/pg_log';
postgres=# GRANT READ ON DIRECTORY logdir TO logscanner;
logscanner=> COPY logtable FROM 'postgresql-2014-10-28.csv' IN DIRECTORY logdir;
The ALTER ROLE GRANT READ idea proposed downthread is nice also, but one
advantage of this is not having absolute path names in the COPY command.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2014-10-29 14:17:40 | Re: Validating CHECK constraints with SPI |
| Previous Message | Kevin Grittner | 2014-10-29 14:13:03 | Re: Trailing comma support in SELECT statements |