From: | Neil Chen <carpenter(dot)nail(dot)cz(at)gmail(dot)com> |
---|---|
To: | drtr0jan(at)yandex(dot)ru |
Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES |
Date: | 2021-03-31 03:30:54 |
Message-ID: | CAA3qoJkRCLwGsOq8kEAessFOHqoVC4oc0zMWBK_w9vj5Y99rHQ@mail.gmail.com |
Views: | Whole Thread | Raw Message | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
Sorry I used the wrong way to send the email. The email about the bug is
here:
https://www.postgresql.org/message-id/111621616618184%40mail.yandex.ru
On Wed, Mar 31, 2021 at 11:02 AM Neil Chen <carpenter(dot)nail(dot)cz(at)gmail(dot)com>
wrote:
> Greetings,
>
> I did some research on this bug and found that the reason for the problem
> is that the pg_dump misjudged the non-global default access privileges when
> exporting. The details are as follows:
>
>> The default for a global entry is the hard-wired default ACL for the
>> particular object type. The default for non-global entries is an empty
>> ACL. This must be so because global entries replace the hard-wired
>> defaults, while others are added on.
>>
> We can find this description in code
> comments(src/backend/catalog/aclchk.c:1162). For example, if we log as user
> postgres, for global entire our default ACL is
> "{=X/postgres,postgres=X/postgres}", for non-global entire it's "NULL".
>
> Now let's look at a part of the SQL statement used when pg_dump exports
> the default ACL(it can be found in src/bin/pg_dump/dumputils.c:762):
>
>> (SELECT pg_catalog.array_agg(acl ORDER BY row_n) FROM
>> (SELECT acl, row_n FROM
>> pg_catalog.unnest(coalesce(defaclacl,pg_catalog.acldefault(CASE WHEN
>> defaclobjtype = 'S' THEN 's' ELSE defaclobjtype END::"char",defaclrole)))
>> WITH ORDINALITY AS perm(acl,row_n)
>> WHERE NOT EXISTS (
>> SELECT 1 FROM
>> pg_catalog.unnest(coalesce(pip.initprivs,pg_catalog.acldefault(CASE WHEN
>> defaclobjtype = 'S' THEN 's' ELSE defaclobjtype END::"char",defaclrole)))
>> AS init(init_acl) WHERE acl = init_acl)) as foo)
>
> It can be seen that when comparing the changes of default ACL, it does not
> distinguish between global and non-global default ACL. It uses
> {=X/postgres,postgres=X/postgres} as the non-global default ACL by mistake,
> resulting in the export error.
>
> Combined with the above research, I gave this patch to fix the
> bug. Hackers can help to see if this modification is correct. I'm studying
> how to write test scripts for it...
>
> Thanks.
>
> --
> There is no royal road to learning.
> HighGo Software Co.
>
--
There is no royal road to learning.
HighGo Software Co.
From | Date | Subject | |
---|---|---|---|
Next Message | Joel Jacobson | 2021-03-31 06:40:32 | [BUG] pg_identify_object_as_address() returns duplicate values |
Previous Message | Neil Chen | 2021-03-31 03:02:00 | Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES |
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2021-03-31 03:35:33 | Re: Lowering the ever-growing heap->pd_lower |
Previous Message | Greg Rychlewski | 2021-03-31 03:29:17 | Re: DROP INDEX docs - explicit lock naming |