From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
---|---|
To: | Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Audit of logout |
Date: | 2014-08-27 11:49:22 |
Message-ID: | CAHGQGwGbXkh46UAGcUMbgiP4hHKbjrp+amB80trvcmgXRJ-Ywg@mail.gmail.com |
Lists: | pgsql-hackers |

On Sat, Aug 23, 2014 at 3:44 PM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> wrote:
> On Tue, Aug 5, 2014 at 8:04 PM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>>
>> Yep, the attached patch introduces PGC_SU_BACKEND and
>> changes the contexts of log_connections and log_disconnections
>> to PGC_SU_BACKEND. Review?
>>

Thanks for reviewing the patch!

> 1.
> ! else if (context != PGC_POSTMASTER && context != PGC_SU_BACKEND &&
> ! context != PGC_SU_BACKEND && source != PGC_S_CLIENT)
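
Review bot: the continuation line repeats `context != PGC_SU_BACKEND`, which the first line already tests, so the second test is a no-op and `PGC_BACKEND` is never compared in this condition; one of the two should read `context != PGC_BACKEND`.
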
>
> In the above, the check for PGC_SU_BACKEND is repeated; here
> one of the checks should be PGC_SU_BACKEND and the other
> should be PGC_BACKEND.

Right. Fixed. Attached is the updated version of the patch.
BTW, I also added the following into the document of log_connections
and log_disconnections.

    Only superusers can change this setting at session start.

> 2.
> + case PGC_SU_BACKEND:
> + if (context == PGC_BACKEND)
> + {
> ..
> ..
> + return 0;
> + }
> case PGC_BACKEND:
> if (context == PGC_SIGHUP)
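
Review bot: as quoted, the `case PGC_SU_BACKEND:` arm has no `break` or comment after its closing brace, so when `context` is not `PGC_BACKEND` control falls through into `case PGC_BACKEND:`; if that sharing is intended, mark it with a `/* fall through */` comment after the `}` so it is not mistaken for a missing `break`.
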
>
> Changing PGC_SU_BACKEND parameter (log_connections) is
> visible even with a non-super user client due to above code.
> Shouldn't it be only visible for super-user logins?
>
> Simple steps to reproduce the problem:
> a. start Server (default configuration)
> b. connect with superuser
> c. change in log_connections to on in postgresql.conf
> d. perform select pg_reload_conf();
> e. connect with non-super-user
> f. show log_connections; --This step shows the value as on,
> --whereas I think it should have been
> off

In this case, log_connections is changed in postgresql.conf and it's
reloaded, so ISTM that it's natural that even non-superuser sees the
changed value. No? Maybe I'm missing something.

Regards,

--
Fujii Masao

Attachment | Content-Type | Size |
---|---|---|
pgc-su-backend_v2.patch | text/x-patch | 7.8 KB |