'[GENERAL] giving a user permission to kill their processes only'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    [GENERAL] giving a user permission to kill their processes only
From:       George Nychis <gnychis () cmu ! edu>
Date:       2007-02-28 20:19:26
Message-ID: 45E5E3CE.5000909 () cmu ! edu
[Download RAW message or body]

Hey all,

So the pg_cancel_backend() function by default is only available to super users, so I decided 
to write a wrapper function around, use a SECURITY DEFINER, and GRANT my user privilege to use 
the wrapper.

BEGIN;
CREATE FUNCTION kill_process(integer) RETURNS boolean AS 'select pg_cancel_backend($1);' 
LANGUAGE SQL SECURITY DEFINER;
REVOKE EXECUTE ON FUNCTION kill_process(integer) FROM PUBLIC;
COMMIT;
GRANT EXECUTE ON FUNCTION kill_process(integer) TO gnychis;

The problem with this is I can now kill other users postgresql processes.  I was wondering if 
anyone knows a way in which i can check that the postgres process being killed is running a 
query for that user?  Therefore, they can't kill queries in postgres processes started by other 
users.

Thanks!
George

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic