public inbox for [email protected]
help / color / mirror / Atom feedFrom: Nathan Bossart <[email protected]>
To: Tom Lane <[email protected]>
Cc: Euler Taveira <[email protected]>
Cc: Álvaro Rodríguez <[email protected]>
Cc: [email protected]
Cc: Javier Maellas <[email protected]>
Cc: Diego Revenga <[email protected]>
Cc: [email protected]
Subject: Re: pg_dumpall can't be restored with different bootstrap superuser
Date: Tue, 5 May 2026 14:40:49 -0500
Message-ID: <afpHwTR1IJypF1md@nathan> (raw)
In-Reply-To: <[email protected]>
References: <CA+C_kKWHMP4c56jx1BPvP1jmjp2pmBu0Cw07fPVECUmkJSnT4w@mail.gmail.com>
<[email protected]>
<[email protected]>
On Tue, May 05, 2026 at 03:10:47PM -0400, Tom Lane wrote:
> I don't think that pg_dumpall is to be blamed; this is the backend's
> fault. I thought we had made this better in dd1398f13, but it still
> seems rather bogus:
>
> [...]
> regression=# grant a to b granted by super;
> ERROR: permission denied to grant privileges as role "super"
> DETAIL: The grantor must have the ADMIN option on role "a".
>
> Surely a superuser should be considered to have admin options
> on everything.
I think this comes from commit ce6b672e44, which established the idea that
the bootstrap superuser was the "role owner".
> Even more bogus, compare these results:
>
> regression=# \c - super
> You are now connected to database "regression" as user "super".
> regression=# grant a to b granted by super;
> ERROR: permission denied to grant privileges as role "super"
> DETAIL: The grantor must have the ADMIN option on role "a".
>
> regression=# grant a to b;
> GRANT ROLE
>
> Anyone would think that "GRANTED BY current_user" has the
> same effect as omitting the clause, but here it doesn't.
Right. When omitted, check_role_grantor() uses the bootstrap superuser if
the current role is a superuser.
> So it seems to me that we're missing a superuserness check
> somewhere in this, but I'm not entirely sure which bit of
> code to blame.
>
> I agree that the answer for existing branches is probably
> going to be "so don't do that", but maybe we can improve
> this in v19 or later.
I've added Robert to the thread for his thoughts. I'm not sure how much
wiggle room we have in the current design to make things more lenient, but
I haven't investigated too deeply yet.
--
nathan
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: pg_dumpall can't be restored with different bootstrap superuser
In-Reply-To: <afpHwTR1IJypF1md@nathan>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox