When creating a function like this with a non-super user I am getting the error below:
在非超级用户中创建这样的函数时,我将得到以下错误:
ERROR: permission denied for language c SQL state: 42501
错误:拒绝语言c SQL状态的权限:42501。
The function created is :
所创建的函数为:
CREATE OR REPLACE FUNCTION dblink_connect (text)
RETURNS text
AS '$libdir/dblink','dblink_connect'
LANGUAGE C STRICT;
But if I wanted to give permission on language C to my non-super user, I am getting the error below: postgres=# grant usage on language c to caixa; ERROR: language "c" is not trusted
但是如果我想要给我的非超级用户提供语言C的许可,我将会得到以下错误:postgres=# grant在语言C语言上的使用;错误:语言“c”不可信。
That means, non-super user can't create function with language C? or is there anything else I am doing wrong?
那就是说,非超级用户不能用C语言创建函数?或者我做错了什么?
2 个解决方案
#1
29
That's right, according to doc:
根据医生的说法,这是对的。
Only superusers can create functions in untrusted languages
只有超级用户才能用不可信的语言创建函数。
Quick check:
快速检查:
SELECT lanpltrusted FROM pg_language WHERE lanname LIKE 'c';
lanpltrusted
--------------
f
(1 row)
If you really want this, then you could modify pg_language system catalog (ALTER LANGUAGE doesn't have such option):
如果您真的想要这个,那么您可以修改pg_language系统目录(ALTER LANGUAGE没有这样的选项):
UPDATE pg_language SET lanpltrusted = true WHERE lanname LIKE 'c';
#2
13
Instead of setting the language to trusted which is considered bad, and dangerous, you should rather use roles to provide superuser privilege temporarily to the user during the time he manipulates the stored procedures:
您应该使用角色来临时为用户提供超级用户特权,在他操作存储过程的时候,您应该使用角色来临时地向用户提供超级用户特权。
as superuser:
超级用户:
create role dba with superuser noinherit;
grant dba to user;
then logged-in as user you can set role dba
然后登录为用户,您可以设置角色dba。
And then you could create stored procedures in C while you temporarily have the role dba.
然后您可以在C中创建存储过程,而您暂时拥有角色dba。
reset role; when you're finished to come back to normal rights.
重置角色;当你完成了恢复正常的权利。
更多信息:https://dba.stackexchange.com/questions/37336/cannot-create-function-in-plpython3u-permission-denied
#1
29
That's right, according to doc:
根据医生的说法,这是对的。
Only superusers can create functions in untrusted languages
只有超级用户才能用不可信的语言创建函数。
Quick check:
快速检查:
SELECT lanpltrusted FROM pg_language WHERE lanname LIKE 'c';
lanpltrusted
--------------
f
(1 row)
If you really want this, then you could modify pg_language system catalog (ALTER LANGUAGE doesn't have such option):
如果您真的想要这个,那么您可以修改pg_language系统目录(ALTER LANGUAGE没有这样的选项):
UPDATE pg_language SET lanpltrusted = true WHERE lanname LIKE 'c';
#2
13
Instead of setting the language to trusted which is considered bad, and dangerous, you should rather use roles to provide superuser privilege temporarily to the user during the time he manipulates the stored procedures:
您应该使用角色来临时为用户提供超级用户特权,在他操作存储过程的时候,您应该使用角色来临时地向用户提供超级用户特权。
as superuser:
超级用户:
create role dba with superuser noinherit;
grant dba to user;
then logged-in as user you can set role dba
然后登录为用户,您可以设置角色dba。
And then you could create stored procedures in C while you temporarily have the role dba.
然后您可以在C中创建存储过程,而您暂时拥有角色dba。
reset role; when you're finished to come back to normal rights.
重置角色;当你完成了恢复正常的权利。
更多信息:https://dba.stackexchange.com/questions/37336/cannot-create-function-in-plpython3u-permission-denied