ALTER DOMAIN .. OWNER TO ..

Lists: pgsql-patches
From: Rod Taylor <rbt(at)rbt(dot)ca>
To: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 02:19:30
Message-ID: 1039400370.79804.198.camel@jester

Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc

Attachment Content-Type Size
altdomainowner.patch text/plain 6.6 KB

From: "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>
To: "Rod Taylor" <rbt(at)rbt(dot)ca>, "PostgreSQL Patches" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 03:30:54
Message-ID: 008a01c29f33$61e2b0b0$6500a8c0@internal

What about the owner of the schema?

Chris

----- Original Message -----
From: "Rod Taylor" <rbt(at)rbt(dot)ca>
To: "PostgreSQL Patches" <pgsql-patches(at)postgresql(dot)org>
Sent: Sunday, December 08, 2002 6:19 PM
Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..

Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


From: "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>
To: "Rod Taylor" <rbt(at)rbt(dot)ca>, "PostgreSQL Patches" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 03:31:06
Message-ID: 009001c29f33$68adbc00$6500a8c0@internal

DOH! I mean, what about the owner of the domain? :)

Chris

----- Original Message -----
From: "Rod Taylor" <rbt(at)rbt(dot)ca>
To: "PostgreSQL Patches" <pgsql-patches(at)postgresql(dot)org>
Sent: Sunday, December 08, 2002 6:19 PM
Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..

Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


From: Rod Taylor <rbt(at)rbt(dot)ca>
To: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 03:32:52
Message-ID: 1039404771.79804.214.camel@jester

On Sun, 2002-12-08 at 22:31, Christopher Kings-Lynne wrote:
> DOH! I mean, what about the owner of the domain? :)

Alter table doesn't even allow the owner of the schema to change the
table owner.

Anyway... Unix has never allowed you to give away your own stuff to
others on the filesystem. I'm sure there is a good reason for that :)

> ----- Original Message -----
> From: "Rod Taylor" <rbt(at)rbt(dot)ca>
> To: "PostgreSQL Patches" <pgsql-patches(at)postgresql(dot)org>
> Sent: Sunday, December 08, 2002 6:19 PM
> Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..
>
>
> Allow change of ownership in a domain.
>
> Either a superuser or owner of the schema may change the owner of the
> domain.
--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 14:59:46
Message-ID: 7608.1039445986@sss.pgh.pa.us

Rod Taylor <rbt(at)rbt(dot)ca> writes:
> Either a superuser or owner of the schema may change the owner of the
> domain.

Superuser only, please. Or are you not familiar with the reasons why
most Unixen do not allow one to "give away" ownership of a file?

regards, tom lane


From: Rod Taylor <rbt(at)rbt(dot)ca>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:28:16
Message-ID: 1039447696.78462.21.camel@jester

On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> Rod Taylor <rbt(at)rbt(dot)ca> writes:
> > Either a superuser or owner of the schema may change the owner of the
> > domain.
>
> Superuser only, please. Or are you not familiar with the reasons why
> most Unixen do not allow one to "give away" ownership of a file?

Not schema owner?

Isn't the schema owner considered a 'superuser' of their own area?

The two reasons I know of are 1) quotas, and 2) people breaking in
hiding their work.

We don't have quotas, and if the schema owner is 'super user' in their
area, then they'll always be able to find it -- though I can understand
not allowing change of owner on the schema by the schema owner (database
owner and super users only...).

Anyway, I'll submit the change for it to be superuser only -- and will
debate that the database owner should be superuser for their database
later.

--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


From: Rod Taylor <rbt(at)rbt(dot)ca>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:48:16
Message-ID: 1039448896.78462.23.camel@jester

Only superuser may change ownership...

On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> Rod Taylor <rbt(at)rbt(dot)ca> writes:
> > Either a superuser or owner of the schema may change the owner of the
> > domain.
>
> Superuser only, please. Or are you not familiar with the reasons why
> most Unixen do not allow one to "give away" ownership of a file?
>
> regards, tom lane
--
Rod Taylor <rbt(at)rbt(dot)ca>

PGP Key: http://www.rbt.ca/rbtpub.asc

Attachment Content-Type Size
alterdomainowner.patch text/plain 13.3 KB

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:51:16
Message-ID: 8053.1039449076@sss.pgh.pa.us

Rod Taylor <rbt(at)rbt(dot)ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please. Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No. The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke". Consider
    echo "rm -rf ~joe" >badscript
    chmod u+sx badscript
    chown joe badscript
    ./badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership. Domains might be too simple to support such
attacks ... at the moment. I don't want to bet that they'll always be
so.

regards, tom lane
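
Added example, not part of the thread or of the attached patch: in PostgreSQL a SECURITY DEFINER function runs with its owner's privileges, which makes it the closest analogue to the setuid script in the message above. The query below lists those functions together with the domains this thread is about, and shows where the object owner differs from the schema owner. It assumes a current PostgreSQL catalog (pg_roles, pg_get_function_identity_arguments), not the 2002 code base.

```sql
-- Added illustration: inventory of objects whose ownership is a privilege
-- boundary, for review by a DBA. Column aliases are this example's own.
SELECT 'domain'                 AS object_kind,
       n.nspname::text          AS schema_name,
       t.typname::text          AS object_name,
       o.rolname::text          AS owner,
       o.rolsuper               AS owner_is_superuser,
       s.rolname::text          AS schema_owner,
       (o.oid <> s.oid)         AS owner_differs_from_schema_owner
FROM pg_type t
JOIN pg_namespace n ON n.oid = t.typnamespace
JOIN pg_roles o     ON o.oid = t.typowner
JOIN pg_roles s     ON s.oid = n.nspowner
WHERE t.typtype = 'd'           -- 'd' marks a domain in pg_type
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')

UNION ALL

-- Functions that execute as their owner rather than as the caller.
SELECT 'security definer function',
       n.nspname::text,
       p.proname || '(' || pg_get_function_identity_arguments(p.oid) || ')',
       o.rolname::text,
       o.rolsuper,
       s.rolname::text,
       (o.oid <> s.oid)
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles o     ON o.oid = p.proowner
JOIN pg_roles s     ON s.oid = n.nspowner
WHERE p.prosecdef               -- true for SECURITY DEFINER functions
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')

-- Superuser-owned objects first: a change of owner matters most there.
ORDER BY owner_is_superuser DESC, schema_name, object_name;
```

Rows with owner_is_superuser = true and owner_differs_from_schema_owner = true are the ones where the schema owner and the privileged owner are different roles, the case the replies above argue about.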


From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-11 03:46:53
Message-ID: 200212110346.gBB3ksM19746@candle.pha.pa.us


Your patch has been added to the PostgreSQL unapplied patches list at:

http://momjian.postgresql.org/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------

Rod Taylor wrote:
-- Start of PGP signed section.
> Only superuser may change ownership...
>
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> > Rod Taylor <rbt(at)rbt(dot)ca> writes:
> > > Either a superuser or owner of the schema may change the owner of the
> > > domain.
> >
> > Superuser only, please. Or are you not familiar with the reasons why
> > most Unixen do not allow one to "give away" ownership of a file?
> >
> > regards, tom lane
> --
> Rod Taylor <rbt(at)rbt(dot)ca>
>
> PGP Key: http://www.rbt.ca/rbtpub.asc

[ Attachment, skipping... ]
-- End of PGP section, PGP failed!

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073