Participants
Tom Lane
Tom Lane
Peter Eisentraut
Peter Eisentraut
Attachments

No attachments in this thread

Thread Outline
#1Tom LaneTom Lane
Feb 01, 2003
#2Peter EisentrautPeter Eisentrautto Tom Lane (#1)
Feb 10, 2003
#3Tom LaneTom Laneto Peter Eisentraut (#2)
Feb 10, 2003

pg_dump is broken by recent privileges changes

Started by Tom Lanealmost 23 years ago3 messages
#1Tom Lane
Tom Lane
tgl@sss.pgh.pa.us

In CVS tip, create an empty database. pg_dump it. Try to restore the
dump. The first thing it does is

REVOKE ALL ON SCHEMA public FROM PUBLIC;

which fails with

ERROR: dependent privileges exist (use CASCADE to revoke them too)

This message seems incorrect --- what is a dependent privilege, and
why would PUBLIC have any? All I see in pg_namespace is

public | 1 | {=UC/postgres}

Also, pg_dump itself seems confused --- the full text of a dump from
an empty DB is (omitting comment lines)

\connect - postgres
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT ALL ON SCHEMA public TO PUBLIC;
GRANT ALL ON SCHEMA public TO PUBLIC;
REVOKE ALL ON SCHEMA public FROM postgres;

which is not only inefficient but wrong, since public surely should
have privileges when the dust settles.

regards, tom lane

#2Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Tom Lane (#1)
Re: pg_dump is broken by recent privileges changes

Tom Lane writes:

REVOKE ALL ON SCHEMA public FROM PUBLIC;

which fails with

ERROR: dependent privileges exist (use CASCADE to revoke them too)

Not here.

This message seems incorrect --- what is a dependent privilege, and
why would PUBLIC have any?

The term "dependent privilege" is explained on the REVOKE reference page.
And no, PUBLIC wouldn't ever have any.

Also, pg_dump itself seems confused --- the full text of a dump from
an empty DB is (omitting comment lines)

\connect - postgres
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT ALL ON SCHEMA public TO PUBLIC;
GRANT ALL ON SCHEMA public TO PUBLIC;
REVOKE ALL ON SCHEMA public FROM postgres;

which is not only inefficient but wrong, since public surely should
have privileges when the dust settles.

The second GRANT is a bug because the buffer wasn't cleared. The other
commands are correct as far as pg_dump is concerned. At the end the
privileges are exactly "=UC/postgres", which is what they are by default.

--
Peter Eisentraut peter_e@gmx.net

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Peter Eisentraut (#2)
Re: pg_dump is broken by recent privileges changes

Peter Eisentraut <peter_e@gmx.net> writes:

Tom Lane writes:

REVOKE ALL ON SCHEMA public FROM PUBLIC;

which fails with

ERROR: dependent privileges exist (use CASCADE to revoke them too)

Not here.

[ scratches head ] Not here either; but it was definitely failing when
I wrote that message. I'll dig into it and see if I can figure out
what changed.

regards, tom lane

← Back to Topics