public inbox for [email protected]
help / color / mirror / Atom feedFrom: Chao Li <[email protected]>
To: PostgreSQL Hackers <[email protected]>
Subject: Fix wrong error message from pg_get_tablespace_ddl()
Date: Fri, 8 May 2026 16:14:40 +0800
Message-ID: <[email protected]> (raw)
Hi,
I started testing pg_get_tablespace_ddl(). While tracing pg_get_tablespace_ddl_internal(), I noticed that this error report must be wrong:
```
/* User must have SELECT privilege on pg_tablespace. */
if (pg_class_aclcheck(TableSpaceRelationId, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
{
ReleaseSysCache(tuple);
aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE, spcname);
}
```
The comment clearly says that SELECT privilege on pg_tablespace is required, but the error is reported against the target tablespace instead.
This is easy to reproduce:
```
evantest=# set allow_in_place_tablespaces = true;
SET
evantest=# create role r1;
CREATE ROLE
evantest=# create tablespace ts1 location '';
CREATE TABLESPACE
evantest=# revoke select on pg_tablespace from r1;
REVOKE
evantest=# set role r1;
SET
evantest=> select * from pg_get_tablespace_ddl('ts1');
ERROR: permission denied for tablespace ts1
```
Attached is a simple one-line fix. Attached is a simple one-line fix. I did not add a new test, as we usually try to avoid extending the test time for such a small fix. With the fix, the error message now looks like:
```
evantest=> select * from pg_get_tablespace_ddl('ts1');
ERROR: permission denied for table pg_tablespace
```
Oops, I was one of the reviewers of the original patch. Sorry for not finding this during review.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
Attachments:
[application/octet-stream] v1-0001-Fix-wrong-error-message-from-pg_get_tablespace_dd.patch (1.3K, 2-v1-0001-Fix-wrong-error-message-from-pg_get_tablespace_dd.patch)
download | inline diff:
From 0ffd155eca7691b16fe799f43a776a7dc59f3b7c Mon Sep 17 00:00:00 2001
From: "Chao Li (Evan)" <[email protected]>
Date: Fri, 8 May 2026 15:53:23 +0800
Subject: [PATCH v1] Fix wrong error message from pg_get_tablespace_ddl()
pg_get_tablespace_ddl_internal() checks ACL_SELECT on the pg_tablespace
catalog relation before reading the tablespace tuple. However, when that
check failed, it reported the error as permission denied for the specific
tablespace object.
Report the failure as permission denied for table pg_tablespace instead,
matching the object on which the permission check was actually performed.
Author: Chao Li <[email protected]>
---
src/backend/utils/adt/ddlutils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend/utils/adt/ddlutils.c b/src/backend/utils/adt/ddlutils.c
index d6f55c48f37..11bf5ee5836 100644
--- a/src/backend/utils/adt/ddlutils.c
+++ b/src/backend/utils/adt/ddlutils.c
@@ -681,7 +681,7 @@ pg_get_tablespace_ddl_internal(Oid tsid, bool pretty, bool no_owner)
if (pg_class_aclcheck(TableSpaceRelationId, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
{
ReleaseSysCache(tuple);
- aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE, spcname);
+ aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLE, "pg_tablespace");
}
/*
--
2.50.1 (Apple Git-155)
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox