| From: | Torello Querci <tquerci(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Daniel Farina <daniel(at)heroku(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_cancel_backend by non-superuser |
| Date: | 2011-10-01 05:44:44 |
| Message-ID: | CA+igE6TbTX5d1EkaGY01G3VnyydLf0e5BDdWG=n4HpTEnkYUUQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2011/10/1 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Daniel Farina <daniel(at)heroku(dot)com> writes:
>> This patch would appear(?) to have languished:
>> https://commitfest.postgresql.org/action/patch_view?id=541
>
>> I'd really like to see it included. In the last comments of the
>> review, there seem to be problems in *terminate* backend, but even
>> just pg_cancel_backend as non-superuser would be just a huge
>> improvement. What are the things blocking non-superuser
>> pg_cancel_backend from being accepted?
>
> I think the reason the patch stalled is that we have not got consensus
> on how far to extend the conditions under which these operations should
> be allowed. For instance, in the last comment attached to that
> commitfest entry, Noah alleges that a non-superuser database owner
> should be allowed to kill a superuser's session, if it's connected
> to his database. My reaction to that is somewhere between "no" and
> "hell no"; IMO superusers can mess up non-superusers, never vice versa.
> If I recall the discussion correctly, there were other points of
> contention too.
>
Hi,
the original patch allow only for the DB Owner to kill sessions owner
by other users.
This because in real world I have some production database where I'm
not the DBA, but only the DB owner.
I think that is not a good idea that a normal users is able to kill
session from the same user because, unfortunally,
in some real environment there are a lots of application that need to
access to the same database and the same user is used.
I know that is not a good practise but it is on the field ....
For this reason I suppose that allow only to DB onwer to kill other
sessions it is a good compromize between functionality and security,
but is my personal opinion ...
> I don't think we need more coding right now ... we need somebody to
> write a spec that everyone can agree to.
>
> ISTM it would be reasonably non-controversial to allow users to issue
> pg_cancel_backend against other sessions logged in as the same userID.
> The question is whether to go further than that, and if so how much.
>
> regards, tom lane
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2011-10-01 16:03:07 | Inconsistency in postgresql.conf |
| Previous Message | Tom Lane | 2011-10-01 04:30:45 | Re: pg_cancel_backend by non-superuser |