On Tue, Dec 18, 2018 at 06:16:14PM -0500, Tom Lane wrote:
> Tatsuo Ishii <is...@sraoss.co.jp> writes:
> > While translating the manual into Japanese, I had a hard time to
> > parse following sentence in func.sgml:
>
> > Note that granting users the EXECUTE privilege on the
> > <function>pg_read_file()</function>, or related, functions allows them
> > the
> > ability to read any file on the server which the database can read and
> > that those reads bypass all in-database privilege checks.
>
> > It seems there's an extra comma between "related" and "functions". Am I
> > correct?
>
> I'd move the comma not remove it; and I think "the pg_read_file()" is
> pretty bad English too. So perhaps
>
> Note that granting users the EXECUTE privilege on
> <function>pg_read_file()</function>, or related functions, allows them
> the
> ability to read any file on the server which the database can read and
> that those reads bypass all in-database privilege checks.
Maintaining parallelism:
Note that granting users the EXECUTE privilege on
<function>pg_read_file()</function>, or on related functions, allows them
the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
Is there a useful distinction to be drawn between the files readable
by the system user who owns the database and those the database itself
can read?
Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
