From: | Josh Kupershmidt <schmiddy(at)gmail(dot)com> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | Torello Querci <tquerci(at)gmail(dot)com>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pg_terminate_backend and pg_cancel_backend by not administrator user |
Date: | 2011-06-02 02:26:34 |
Message-ID: | BANLkTim6dvXaOBoyetRrLkkdLfnPtUPPaA@mail.gmail.com |
Lists: | pgsql-hackers |

On Wed, Jun 1, 2011 at 5:55 PM, Noah Misch <noah(at)leadboat(dot)com> wrote:
> On Sun, May 29, 2011 at 10:56:02AM -0400, Josh Kupershmidt wrote:
>> Looking around, I see there were real problems[1] with sending SIGTERM
>> to individual backends back in 2005 or so, and pg_terminate_backend()
>> was only deemed safe enough to put in for 8.4 [2]. So expanding
>> pg_terminate_backend() privileges does make me a tad nervous.
>
> The documentation for the CREATE USER flag would boil down to "omit this flag
> only if you're worried about undiscovered PostgreSQL bugs in this area". I'd
> echo Tom's sentiment from the first thread, "In any case I think we have to
> solve it, not create new mechanisms to try to ignore it."

I do agree with Tom's sentiment from that thread. But, if we are
confident that pg_terminate_backend() is safe enough to relax
permissions on, then I take it you agree we should plan to extend this
power to all users? And if so, is this patch a good first step on that
path?

>> Reading through those old threads made me realize this patch would
>> give database owners the ability to kill off autovacuum workers. Seems
>> like we'd want to restrict that power to superusers.
>
> Would we? Any old user can already stifle VACUUM by holding a transaction open.

This is true, though it's possible we might at some point want a
backend process which really shouldn't be killable by non-superusers
(if vacuum/autovacuum isn't one already.) Actually, I could easily
imagine a superuser running an important query on a database getting
peeved if a non-superuser were allowed to cancel/terminate his
queries.

Josh