Allow to run pg_repack by non-superuser #431
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixed the bug that segmentation fault occurs when default_transaction_read_only is turned on during repacking. bug: #426
za-arthur
force-pushed
the
issue223_no_superuser_check
branch
from
14c784f
to
139895a
Compare
|
Ah, nice, comes with additional tests. I like that. |
za-arthur
force-pushed
the
issue223_no_superuser_check
branch
from
139895a
to
ecbc587
Compare
Now everybody how has access to repack_trigger() and repack_apply() and relevant objects can call that functions. Functions repack_swap(), repack_drop() and repack_index_swap() can be called by superuser and owners of a table. Cherry-pick the commit 326b6e1 to not cause segmentation fault when using -k option and not having enough permissions.
za-arthur
force-pushed
the
issue223_no_superuser_check
branch
from
ecbc587
to
a692b14
Compare
|
I'd like to merge the PR this week if no objections. |
This was referenced Nov 7, 2024
Closed
za-arthur
added a commit
to supabase/postgres
that referenced
this pull request
Nov 7, 2024
New version allows to run pg_repack by a non-superuser. PR on pg_repack repo: reorg/pg_repack#431
za-arthur
added a commit
to supabase/postgres
that referenced
this pull request
Nov 7, 2024
New version allows to run pg_repack by a non-superuser. PR on pg_repack repo: reorg/pg_repack#431
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The option
--no-superuser-checkallows to by-pass the check if the user is a superuser. That was done for users which run pg_repack on Amazon, where users cannot run it as a superuser.The problem is that the option
--no-superuser-checkworks only on the CLI level, skipping the check only by thepg_repackclient. But there are also checks done by the extension functions exported to SQL.The PR removes the check that the user is a superuser from functions
repack_trigger()andrepack_apply(). That check is redundant since queries executed by that functions can be executed by a user manually. Moreoverrepack_trigger()is aSECURITY DEFINERfunction, which means that it is executed with superuser privileges (pg_repackextension can be created only by superuser).The PR changes privilege check in functions
repack_swap(),repack_drop()andrepack_index_swap(). Now that functions can be run by an owner of a table. That check is necessary since_swapfunctions swap relfilenodes onpg_classsystem catalog table.repack_drop()acquires ACCESS EXCLUSIVE lock and therefore it also requires privilege check.Additionally I cherry-picked the commit 326b6e1 from the PR #427. Otherwise
pg_repackwill fall with segmentation fault in case of lack of permissions.Relevant issues: