ALTER DATABASE ... RENAME: permission denied for superuser

Started by Alexander M. Pravkingabout 21 years ago3 messagesbugs

fduch@antar.bryansk.ru

about 21 years ago

Docs say: Only the database owner or a superuser can rename a database;
non-superuser owners must also have the CREATEDB privilege.

Looks like a superuser must have CREATEDB too:

fduch@~=# SELECT usesuper, usecreatedb from pg_user where usename = 'fduch';
usesuper | usecreatedb
----------+-------------
t | f
(1 row)

fduch@~=# CREATE DATABASE test owner stat;
CREATE DATABASE
fduch@~=# ALTER DATABASE test RENAME TO work;
ERROR: permission denied to rename database
fduch@~=# ALTER DATABASE test OWNER TO fduch ;
ALTER DATABASE
fduch@~=# ALTER DATABASE test RENAME TO work;
ERROR: permission denied to rename database

At last:
fduch@~=# ALTER USER fduch CREATEDB ;
ALTER USER
fduch@~=# ALTER DATABASE test RENAME TO work;
ALTER DATABASE
fduch@~=# ALTER DATABASE work OWNER TO stat;
ALTER DATABASE
fduch@~=# ALTER DATABASE work RENAME TO test;
ALTER DATABASE

PostgreSQL 8.0.1 on i386-portbld-freebsd5.3, compiled by GCC cc (GCC) 3.4.2 [FreeBSD] 20040728

--
Fduch M. Pravking

Tom Lane

tgl@sss.pgh.pa.us

about 21 years ago

In reply to: Alexander M. Pravking (#1)

Re: ALTER DATABASE ... RENAME: permission denied for superuser

"Alexander M. Pravking" <fduch@antar.bryansk.ru> writes:

Docs say: Only the database owner or a superuser can rename a database;
non-superuser owners must also have the CREATEDB privilege.

Looks like a superuser must have CREATEDB too:

Yeah, the test in RenameDatabase is only looking at createdb and not at
superuserness. Seems like a bug to me --- or does anyone want to argue
that the code behavior is correct and the docs are wrong?

regards, tom lane

Bruce Momjian

bruce@momjian.us

about 21 years ago

In reply to: Alexander M. Pravking (#1)

Re: ALTER DATABASE ... RENAME: permission denied for superuser

Tom has fixed this bug and backpatched it back to 7.4.X.

---------------------------------------------------------------------------

Alexander M. Pravking wrote:

Docs say: Only the database owner or a superuser can rename a database;
non-superuser owners must also have the CREATEDB privilege.

Looks like a superuser must have CREATEDB too:

fduch@~=# SELECT usesuper, usecreatedb from pg_user where usename = 'fduch';
usesuper | usecreatedb
----------+-------------
t | f
(1 row)

fduch@~=# CREATE DATABASE test owner stat;
CREATE DATABASE
fduch@~=# ALTER DATABASE test RENAME TO work;
ERROR: permission denied to rename database
fduch@~=# ALTER DATABASE test OWNER TO fduch ;
ALTER DATABASE
fduch@~=# ALTER DATABASE test RENAME TO work;
ERROR: permission denied to rename database

At last:
fduch@~=# ALTER USER fduch CREATEDB ;
ALTER USER
fduch@~=# ALTER DATABASE test RENAME TO work;
ALTER DATABASE
fduch@~=# ALTER DATABASE work OWNER TO stat;
ALTER DATABASE
fduch@~=# ALTER DATABASE work RENAME TO test;
ALTER DATABASE

PostgreSQL 8.0.1 on i386-portbld-freebsd5.3, compiled by GCC cc (GCC) 3.4.2 [FreeBSD] 20040728

--
Fduch M. Pravking

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073