mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* User management commands no longer user pg_exec_query_dest -> more robust

Browse Source 
* Let unprivileged users change their own passwords.

* The password is now an Sconst in the parser, which better reflects its text datatype and also
forces users to quote them.

* If your password is NULL you won't be written to the password file, meaning you can't connect
until you have a password set up (if you use password authentication).

* When you drop a user that owns a database you get an error. The database is not gone.
This commit is contained in:
Peter Eisentraut 2000-01-14 22:11:38 +00:00
parent 2af360ed1c
commit 4ceb2d0cb6
18 changed files with 1153 additions and 781 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/src/sgml/Makefile
View File

@ -8,7 +8,7 @@
# #
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/doc/src/sgml/Makefile,v 1.12 1999/12/05 20:21:59 momjian Exp $ # $Header: /cvsroot/pgsql/doc/src/sgml/Makefile,v 1.13 2000/01/14 22:11:31 petere Exp $
# #
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -85,15 +85,17 @@ APPLICATIONS= createdb.sgml createuser.sgml \
psql-ref.sgml \ psql-ref.sgml \
vacuumdb.sgml vacuumdb.sgml
COMMANDS= abort.sgml alter_table.sgml alter_user.sgml \ COMMANDS= abort.sgml alter_group.sgml alter_table.sgml alter_user.sgml \
begin.sgml \ begin.sgml \
close.sgml cluster.sgml commit.sgml copy.sgml \ close.sgml cluster.sgml commit.sgml copy.sgml \
create_aggregate.sgml create_database.sgml create_function.sgml create_index.sgml \ create_aggregate.sgml create_database.sgml create_function.sgml create_group.sgml \
create_index.sgml \
create_language.sgml create_operator.sgml create_rule.sgml create_sequence.sgml \ create_language.sgml create_operator.sgml create_rule.sgml create_sequence.sgml \
create_table.sgml create_table_as.sgml create_trigger.sgml create_type.sgml \ create_table.sgml create_table_as.sgml create_trigger.sgml create_type.sgml \
create_user.sgml create_view.sgml \ create_user.sgml create_view.sgml \
declare.sgml delete.sgml \ declare.sgml delete.sgml \
drop_aggregate.sgml drop_database.sgml drop_function.sgml drop_index.sgml \ drop_aggregate.sgml drop_database.sgml drop_function.sgml drop_group.sgml \
drop_index.sgml \
drop_language.sgml drop_operator.sgml drop_rule.sgml drop_sequence.sgml \ drop_language.sgml drop_operator.sgml drop_rule.sgml drop_sequence.sgml \
drop_table.sgml drop_trigger.sgml drop_type.sgml drop_user.sgml drop_view.sgml \ drop_table.sgml drop_trigger.sgml drop_type.sgml drop_user.sgml drop_view.sgml \
explain.sgml fetch.sgml grant.sgml \ explain.sgml fetch.sgml grant.sgml \

5
doc/src/sgml/ref/allfiles.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.14 1999/12/05 20:02:42 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.15 2000/01/14 22:11:32 petere Exp $
Postgres documentation Postgres documentation
Complete list of usable sgml source files in this directory. Complete list of usable sgml source files in this directory.
--> -->
@ -40,6 +40,7 @@ Complete list of usable sgml source files in this directory.
<!-- these are in the "commands" reference chapter --> <!-- these are in the "commands" reference chapter -->
<!entity abort system "abort.sgml"> <!entity abort system "abort.sgml">
<!entity alterGroup system "alter_group.sgml">
<!entity alterTable system "alter_table.sgml"> <!entity alterTable system "alter_table.sgml">
<!entity alterUser system "alter_user.sgml"> <!entity alterUser system "alter_user.sgml">
<!entity begin system "begin.sgml"> <!entity begin system "begin.sgml">
@ -50,6 +51,7 @@ Complete list of usable sgml source files in this directory.
<!entity createAggregate system "create_aggregate.sgml"> <!entity createAggregate system "create_aggregate.sgml">
<!entity createDatabase system "create_database.sgml"> <!entity createDatabase system "create_database.sgml">
<!entity createFunction system "create_function.sgml"> <!entity createFunction system "create_function.sgml">
<!entity createGroup system "create_group.sgml">
<!entity createIndex system "create_index.sgml"> <!entity createIndex system "create_index.sgml">
<!entity createLanguage system "create_language.sgml"> <!entity createLanguage system "create_language.sgml">
<!entity createOperator system "create_operator.sgml"> <!entity createOperator system "create_operator.sgml">
@ -66,6 +68,7 @@ Complete list of usable sgml source files in this directory.
<!entity dropAggregate system "drop_aggregate.sgml"> <!entity dropAggregate system "drop_aggregate.sgml">
<!entity dropDatabase system "drop_database.sgml"> <!entity dropDatabase system "drop_database.sgml">
<!entity dropFunction system "drop_function.sgml"> <!entity dropFunction system "drop_function.sgml">
<!entity dropGroup system "drop_group.sgml">
<!entity dropIndex system "drop_index.sgml"> <!entity dropIndex system "drop_index.sgml">
<!entity dropLanguage system "drop_language.sgml"> <!entity dropLanguage system "drop_language.sgml">
<!entity dropOperator system "drop_operator.sgml"> <!entity dropOperator system "drop_operator.sgml">

162
doc/src/sgml/ref/alter_group.sgml Normal file
View File

@ -0,0 +1,162 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
Postgres documentation
-->
<refentry id="SQL-ALTERGROUP">
<refmeta>
<refentrytitle id="SQL-ALTERGROUP-title">
ALTER GROUP
</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
ALTER GROUP
</refname>
<refpurpose>
Add users to a group, remove users from a group
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<refsynopsisdivinfo>
<date>2000-01-14</date>
</refsynopsisdivinfo>
<synopsis>
ALTER GROUP <replaceable class="PARAMETER">name</replaceable> ADD USER <replaceable class="PARAMETER">username</replaceable> [, ... ]
ALTER GROUP <replaceable class="PARAMETER">name</replaceable> DROP USER <replaceable class="PARAMETER">username</replaceable> [, ... ]
</synopsis>
<refsect2 id="R2-SQL-ALTERGROUP-1">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Inputs
</title>
<para>
<variablelist>
<varlistentry>
<term><replaceable class="PARAMETER">name</replaceable></term>
<listitem>
<para>
The name of the group to modify.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable class="PARAMETER">username</replaceable></term>
<listitem>
<para>
Users which are to be added or removed from the group. The user
names must exist.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
<refsect2 id="R2-SQL-ALTERGROUP-2">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Outputs
</title>
<para>
<variablelist>
<varlistentry>
<term><computeroutput>ALTER GROUP</computeroutput></term>
<listitem>
<para>
Message returned if the alteration was successful.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
</refsynopsisdiv>
<refsect1 id="R1-SQL-ALTERGROUP-1">
<refsect1info>
<date>2000-01-14</date>
</refsect1info>
<title>
Description
</title>
<para>
<command>ALTER GROUP</command> is used to change add users to a group or
remove them from a group. Only database superusers can use this command.
Adding a user to a group does not create the user. Similarly, removing
a user from a group does not drop the user itself.
</para>
<para>
Use <xref linkend="SQL-CREATEGROUP" endterm="SQL-CREATEGROUP-title">
to create a new group and <xref linkend="SQL-DROPGROUP"
endterm="SQL-DROPGROUP-title"> to remove a group.
</para>
</refsect1>
<refsect1 id="R1-SQL-ALTERGROUP-2">
<title>
Usage
</title>
<para>
Add users to a group:
<programlisting>
ALTER GROUP staff ADD USER karl, john
</programlisting>
Remove a user from a group
<programlisting>
ALTER GROUP workers DROP USER beth
</programlisting>
</para>
</refsect1>
<refsect1 id="R1-SQL-ALTERGROUP-3">
<title>
Compatibility
</title>
<refsect2 id="R2-SQL-ALTERGROUP-4">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
SQL92
</title>
<para>
There is no <command>ALTER GROUP</command> statement in
<acronym>SQL92</acronym>. The concept of roles is
similar.
</para>
</refsect2>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->

109
doc/src/sgml/ref/alter_user.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.9 1999/11/30 03:57:22 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.10 2000/01/14 22:11:32 petere Exp $
Postgres documentation Postgres documentation
--> -->
@ -24,11 +24,8 @@ Postgres documentation
</refsynopsisdivinfo> </refsynopsisdivinfo>
<synopsis> <synopsis>
ALTER USER <replaceable class="PARAMETER">username</replaceable> ALTER USER <replaceable class="PARAMETER">username</replaceable>
[ WITH [ WITH PASSWORD '<replaceable class="PARAMETER">password</replaceable>' ]
[ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
[ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ] [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
[ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
[ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ] [ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
</synopsis> </synopsis>
@ -40,24 +37,19 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
Inputs Inputs
</title> </title>
<para>
Refer to <command>CREATE USER</command> for a detailed description of each
clause.
</para>
<para> <para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><replaceable class="PARAMETER"> username </replaceable></term> <term><replaceable class="PARAMETER">username</replaceable></term>
<listitem> <listitem>
<para> <para>
The Postgres account name of the user whose details are to be altered. The name of the user whose details are to be altered.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable class="PARAMETER"> password </replaceable></term> <term><replaceable class="PARAMETER">password</replaceable></term>
<listitem> <listitem>
<para> <para>
The new password to be used for this account. The new password to be used for this account.
@ -66,36 +58,36 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable class="parameter">uid</replaceable></term> <term>CREATEDB</term>
<term>NOCREATEDB</term>
<listitem> <listitem>
<para> <para>
The new <productname>PostgreSQL</productname> user id of the user. These clauses define a user's ability to create databases.
Since this number is used as a key into the If CREATEDB is specified, the user being defined will
<literal>pg_shadow</literal>/<literal>pg_user</literal> table be allowed to create his own databases. Using NOCREATEDB
throughout the system catalogs, it is not recommended that you change will deny a user the ability to create databases.
it unless the user in question does not own anything at all and/or
you really know what you are doing. Note that it is not necessary that
database and <acronym>UNIX</acronym> user ids match, but some people
choose to keep the numbers the same.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable class="PARAMETER"> groupname </replaceable></term> <term>CREATEUSER</term>
<term>NOCREATEUSER</term>
<listitem> <listitem>
<para> <para>
The name of an access group into which this account is to be put. These clauses determine whether a user will be permitted to
create new users himself. This option will also make the user
a superuser who can override all access restrictions.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><replaceable class="PARAMETER"> abstime </replaceable></term> <term><replaceable class="PARAMETER">abstime</replaceable></term>
<listitem> <listitem>
<para> <para>
The date (and, optionally, the time) The date (and, optionally, the time)
at which this user's access is to be terminated. at which this user's password is to expire.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -113,9 +105,7 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable>
<para> <para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><computeroutput> <term><computeroutput>ALTER USER</computeroutput></term>
ALTER USER
</computeroutput></term>
<listitem> <listitem>
<para> <para>
Message returned if the alteration was successful. Message returned if the alteration was successful.
@ -125,7 +115,7 @@ ALTER USER
<varlistentry> <varlistentry>
<term><computeroutput> <term><computeroutput>
ERROR: alterUser: user "username" does not exist ERROR: ALTER USER: user "username" does not exist
</computeroutput></term> </computeroutput></term>
<listitem> <listitem>
<para> <para>
@ -148,39 +138,15 @@ ERROR: alterUser: user "username" does not exist
</title> </title>
<para> <para>
<command>ALTER USER</command> is used to change the attributes of a user's <command>ALTER USER</command> is used to change the attributes of a user's
<productname>Postgres</productname> account. <productname>PostgreSQL</productname> account. Only a database superuser
Also, it is only possible for the can change privileges and password expiration with this command. Ordinary
<productname>Postgres</productname> users can only change their own password.
user or any user with read and modify permissions on
<literal>pg_shadow</literal> to alter user passwords.
</para> </para>
<para> <para>
If any of the clauses of the alter user statement are Use <xref linkend="SQL-CREATEUSER" endterm="SQL-CREATEUSER-title">
omitted, the corresponding value in the <literal>pg_shadow</literal> table to create a new user and <xref linkend="SQL-DROPUSER"
is left unchanged. endterm="SQL-DROPUSER-title"> to remove a user.
</para> </para>
<refsect2 id="R2-SQL-ALTERUSER-3">
<refsect2info>
<date>1998-09-08</date>
</refsect2info>
<title>
Notes
</title>
<para>
<command>ALTER USER</command>
is a <productname>Postgres</productname>
language extension.
</para>
<para>
Refer to <command>CREATE/DROP USER</command>
to create or remove a user account.
</para>
<para>
The IN GROUP clause is not yet implemented.
</para>
</refsect2>
</refsect1> </refsect1>
<refsect1 id="R1-SQL-ALTERUSER-2"> <refsect1 id="R1-SQL-ALTERUSER-2">
@ -190,34 +156,29 @@ ERROR: alterUser: user "username" does not exist
<para> <para>
Change a user password: Change a user password:
<programlisting> <programlisting>
ALTER USER davide WITH PASSWORD hu8jmn3; ALTER USER davide WITH PASSWORD 'hu8jmn3';
</programlisting> </programlisting>
Change a user's valid until date Change a user's valid until date
<programlisting> <programlisting>
ALTER USER manuel VALID UNTIL 'Jan 31 2030'; ALTER USER manuel VALID UNTIL 'Jan 31 2030';
</programlisting> </programlisting>
Change a user's valid until date, specifying that his Change a user's valid until date, specifying that his
authorisation should expire at midday on 4th May 1998 using authorisation should expire at midday on 4th May 1998 using
the time zone which is one hour ahead of UTC the time zone which is one hour ahead of UTC
<programlisting> <programlisting>
ALTER USER chris VALID UNTIL 'May 4 12:00:00 1998 +1'; ALTER USER chris VALID UNTIL 'May 4 12:00:00 1998 +1';
</programlisting> </programlisting>
Give a user the ability to create other users and new databases. Give a user the ability to create other users and new databases.
<programlisting> <programlisting>
ALTER USER miriam CREATEUSER CREATEDB; ALTER USER miriam CREATEUSER CREATEDB;
</programlisting> </programlisting>
Place a user in two groups
<programlisting>
ALTER USER miriam IN GROUP sales, payroll;
</programlisting>
</para> </para>
</refsect1> </refsect1>

5
doc/src/sgml/ref/commands.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/commands.sgml,v 1.21 1999/12/05 20:02:42 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/commands.sgml,v 1.22 2000/01/14 22:11:32 petere Exp $
Postgres documentation Postgres documentation
--> -->
@ -14,6 +14,7 @@ Postgres documentation
</abstract> </abstract>
&abort; &abort;
&alterGroup;
&alterTable; &alterTable;
&alterUser; &alterUser;
&begin; &begin;
@ -24,6 +25,7 @@ Postgres documentation
&createAggregate; &createAggregate;
&createDatabase; &createDatabase;
&createFunction; &createFunction;
&createGroup;
&createIndex; &createIndex;
&createLanguage; &createLanguage;
&createOperator; &createOperator;
@ -40,6 +42,7 @@ Postgres documentation
&dropAggregate; &dropAggregate;
&dropDatabase; &dropDatabase;
&dropFunction; &dropFunction;
&dropGroup;
&dropIndex; &dropIndex;
&dropLanguage; &dropLanguage;
&dropOperator; &dropOperator;

176
doc/src/sgml/ref/create_group.sgml Normal file
View File

@ -0,0 +1,176 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
Postgres documentation
-->
<refentry id="SQL-CREATEGROUP">
<refmeta>
<refentrytitle id="sql-creategroup-title">
CREATE GROUP
</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
CREATE GROUP
</refname>
<refpurpose>
Creates a new group
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<refsynopsisdivinfo>
<date>2000-01-14</date>
</refsynopsisdivinfo>
<synopsis>
CREATE GROUP <replaceable class="PARAMETER">name</replaceable>
[ WITH
[ SYSID <replaceable class="PARAMETER">gid</replaceable> ]
[ USER <replaceable class="PARAMETER">username</replaceable> [, ...] ] ]
</synopsis>
<refsect2 id="R2-SQL-CREATEGROUP-1">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Inputs
</title>
<para>
<variablelist>
<varlistentry>
<term><replaceable class="parameter">name</replaceable></term>
<listitem>
<para>
The name of the group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable class="parameter">gid</replaceable></term>
<listitem>
<para>
The <literal>SYSID</literal> clause can be used to choose
the <productname>PostgreSQL</productname> group id of the new
group. It is not necessary to do so, however.
</para>
<para>
If this is not specified, the highest assigned group id plus one,
starting at 1, will be used as default.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable class="parameter">username</replaceable></term>
<listitem>
<para>
A list of users to include in the group. The users must already exist.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
<refsect2 id="R2-SQL-CREATEGROUP-2">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Outputs
</title>
<para>
<variablelist>
<varlistentry>
<term><computeroutput>CREATE GROUP</computeroutput></term>
<listitem>
<para>
Message returned if the command completes successfully.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
</refsynopsisdiv>
<refsect1 id="R1-SQL-CREATEGROUP-1">
<refsect1info>
<date>2000-01-14</date>
</refsect1info>
<title>
Description
</title>
<para>
CREATE GROUP will create a new group in the database installation.
Refer to the adminstrator's guide for information about using groups
for authentication.
You must be a database superuser to use this command.
</para>
<para>
Use <xref linkend="SQL-ALTERGROUP" endterm="SQL-ALTERGROUP-title">
to change a group's membership, and <xref linkend="SQL-DROPGROUP"
endterm="SQL-DROPGROUP-title"> to remove a group.
</para>
</refsect1>
<refsect1 id="R1-SQL-CREATEGROUP-2">
<title>
Usage
</title>
<para>
Create an empty group:
<programlisting>
CREATE GROUP staff
</programlisting>
</para>
<para>
Create a group with members:
<programlisting>
CREATE GROUP marketing WITH USER jonathan, david
</programlisting>
</para>
</refsect1>
<refsect1 id="R1-SQL-CREATEGROUP-3">
<title>
Compatibility
</title>
<refsect2 id="R2-SQL-CREATEGROUP-4">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
SQL92
</title>
<para>
There is no <command>CREATE GROUP</command> statement in SQL92.
Roles are similar in concept to groups.
</para>
</refsect2>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->

135
doc/src/sgml/ref/create_user.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.12 1999/12/04 05:03:49 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.13 2000/01/14 22:11:32 petere Exp $
Postgres documentation Postgres documentation
--> -->
@ -15,7 +15,7 @@ Postgres documentation
CREATE USER CREATE USER
</refname> </refname>
<refpurpose> <refpurpose>
Creates account information for a new user Creates a new database user
</refpurpose> </refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>
@ -26,7 +26,7 @@ Postgres documentation
CREATE USER <replaceable class="PARAMETER">username</replaceable> CREATE USER <replaceable class="PARAMETER">username</replaceable>
[ WITH [ WITH
[ SYSID <replaceable class="PARAMETER">uid</replaceable> ] [ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
[ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ] [ PASSWORD '<replaceable class="PARAMETER">password</replaceable>' ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ] [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
[ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ] [ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
[ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ] [ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
@ -61,13 +61,6 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
match the <acronym>UNIX</acronym> user ids, but some people match the <acronym>UNIX</acronym> user ids, but some people
choose to keep the numbers the same. choose to keep the numbers the same.
</para> </para>
<para>
If you still want the
OS user id and the <filename>usesysid</filename> to match
for any given user,
use the <application>createuser</application> script provided with
the <productname>Postgres</productname> distribution.
</para>
<para> <para>
If this is not specified, the highest assigned user id plus one If this is not specified, the highest assigned user id plus one
will be used as default. will be used as default.
@ -79,30 +72,11 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
<term><replaceable class="parameter">password</replaceable></term> <term><replaceable class="parameter">password</replaceable></term>
<listitem> <listitem>
<para> <para>
The PASSWORD clause sets the user's password within Sets the user's password. If you do not plan to use password
the "<filename>pg_shadow</filename>" table. For this reason, authentication you can omit this option, otherwise the user
<filename>"pg_shadow</filename>" is no won't be able to connect to a password-authenticated server.
longer accessible to the instance of See pg_hba.conf(5) or the administrator's guide for details on
<productname>Postgres</productname> that the how to set up authentication mechanisms.
<productname>Postgres</productname>
user's password is initially set to NULL.
</para>
<para>
When a
user's password in the "<filename>pg_shadow</filename>"
table is NULL, user
authentication proceeds as it historically has (HBA,
PG_PASSWORD, etc). However, if a password is set for a
user, a new authentication system supplants any other
configured for the <productname>Postgres</productname>
instance, and the password
stored in the "<filename>pg_shadow</filename>" table is used
for authentication.
For more details on how this authentication system
functions see pg_crypt(3). If the WITH PASSWORD clause is
omitted, the user's password is set to the empty
string which equates to a NULL value in the authentication
system mentioned above.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -127,8 +101,8 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
<listitem> <listitem>
<para> <para>
These clauses determine whether a user will be permitted to These clauses determine whether a user will be permitted to
create new create new users himself. This option will also make the user
users in an instance of <productname>Postgres</productname>. a superuser who can override all access restrictions.
Omitting this clause will set the user's value of this Omitting this clause will set the user's value of this
attribute to be NOCREATEUSER. attribute to be NOCREATEUSER.
</para> </para>
@ -149,15 +123,8 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
<listitem> <listitem>
<para> <para>
The VALID UNTIL clause sets an absolute time after which the The VALID UNTIL clause sets an absolute time after which the
user's <productname>Postgres</productname> user's password is no longer valid.
login is no longer valid. Please note that If this clause is omitted the login will be valid for all time.
if a user does not have a password defined in the
"<filename>pg_shadow</filename>"
table, the valid until date will not be checked
during user authentication. If this clause is omitted,
a NULL value is stored in "<filename>pg_shadow</filename>"
for this attribute,
and the login will be valid for all time.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -176,9 +143,7 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable>
<para> <para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><computeroutput> <term><computeroutput>CREATE USER</computeroutput></term>
CREATE USER
</computeroutput></term>
<listitem> <listitem>
<para> <para>
Message returned if the command completes successfully. Message returned if the command completes successfully.
@ -199,61 +164,38 @@ CREATE USER
</title> </title>
<para> <para>
CREATE USER will add a new user to an instance of CREATE USER will add a new user to an instance of
<productname>PostgreSQL</productname>. <productname>PostgreSQL</productname>. Refer to the adminstrator's
guide for information about managing users and authentication.
You must be a database superuser to use this command.
</para>
<para>
Use <xref linkend="SQL-ALTERUSER" endterm="SQL-ALTERUSER-title">
to change a user's password and privileges, and <xref linkend="SQL-DROPUSER"
endterm="SQL-DROPUSER-title"> to remove a user.
Use <command>ALTER GROUP</command> to add or remove the user from other groups.
<productname>PostgreSQL</productname>
comes with a script <xref linkend="APP-CREATEUSER"
endterm="APP-CREATEUSER-title">
which has the same functionality as this command (in fact, it calls this command)
but can be run from the command shell.
</para> </para>
<refsect2 id="R2-SQL-CREATEUSER-3">
<refsect2info>
<date>1998-09-21</date>
</refsect2info>
<title>
Notes
</title>
<para>
<command>CREATE USER</command> statement is a
<productname>Postgres</productname> language extension.
</para>
<para>
Use <command>DROP USER</command> or <command>ALTER USER</command>
statements to remove or modify a user account.
</para>
<para>
Refer to the <filename>pg_shadow</filename> table for further information.
</para>
<programlisting>
Table "pg_shadow"
Attribute | Type | Extra
-------------+---------+-------
usename | name |
usesysid | int4 |
usecreatedb | bool |
usetrace | bool |
usesuper | bool |
usecatupd | bool |
passwd | text |
valuntil | abstime |
</programlisting>
</refsect2>
</refsect1> </refsect1>
<refsect1 id="R1-SQL-CREATEUSER-2"> <refsect1 id="R1-SQL-CREATEUSER-2">
<title> <title>
Usage Usage
</title> </title>
<para> <para>
Create a user with no password: Create a user with no password:
<programlisting>
<programlisting>
CREATE USER jonathan CREATE USER jonathan
</programlisting> </programlisting>
</para> </para>
<para> <para>
Create a user with a password: Create a user with a password:
<programlisting>
<programlisting> CREATE USER davide WITH PASSWORD 'jw8s0F4'
CREATE USER davide WITH PASSWORD "jw8s0F4" </programlisting>
</programlisting>
</para> </para>
<para> <para>
@ -261,17 +203,16 @@ CREATE USER davide WITH PASSWORD "jw8s0F4"
Note that after one second has ticked in 2002, the account is not Note that after one second has ticked in 2002, the account is not
valid: valid:
<programlisting> <programlisting>
CREATE USER miriam WITH PASSWORD "jw8s0F4" VALID UNTIL 'Jan 1 2002' CREATE USER miriam WITH PASSWORD 'jw8s0F4' VALID UNTIL 'Jan 1 2002'
</programlisting> </programlisting>
</para> </para>
<para> <para>
Create an account where the user can create databases: Create an account where the user can create databases:
<programlisting>
<programlisting> CREATE USER manuel WITH PASSWORD 'jw8s0F4' CREATEDB
CREATE USER manuel WITH PASSWORD "jw8s0F4" CREATEDB </programlisting>
</programlisting>
</para> </para>
</refsect1> </refsect1>

138
doc/src/sgml/ref/drop_group.sgml Normal file
View File

@ -0,0 +1,138 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_group.sgml,v 1.1 2000/01/14 22:11:32 petere Exp $
Postgres documentation
-->
<refentry id="SQL-DROPGROUP">
<refmeta>
<refentrytitle id="SQL-DROPGROUP-TITLE">
DROP GROUP
</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
DROP GROUP
</refname>
<refpurpose>
Removes a group
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<refsynopsisdivinfo>
<date>2000-01-14</date>
</refsynopsisdivinfo>
<synopsis>
DROP GROUP <replaceable class="PARAMETER">name</replaceable>
</synopsis>
<refsect2 id="R2-SQL-DROPGROUP-1">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Inputs
</title>
<para>
<variablelist>
<varlistentry>
<term><replaceable class="PARAMETER">name</replaceable></term>
<listitem>
<para>
The name of an existing group.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
<refsect2 id="R2-SQL-DROPGROUP-2">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
Outputs
</title>
<para>
<variablelist>
<varlistentry>
<term><computeroutput>DROP GROUP</computeroutput></term>
<listitem>
<para>
The message returned if the group is successfully deleted.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
</refsynopsisdiv>
<refsect1 id="R1-SQL-DROPGROUP-1">
<refsect1info>
<date>2000-01-14</date>
</refsect1info>
<title>
Description
</title>
<para>
<command>DROP GROUP</command> removes the specified group from the database.
The users in the group are not deleted.
</para>
<para>
Use <xref linkend="SQL-CREATEGROUP" endterm="SQL-CREATEGROUP-title">
to add new groups, and <xref linkend="SQL-ALTERGROUP"
endterm="SQL-ALTERGROUP-title"> to change a group's membership.
</para>
</refsect1>
<refsect1 id="R1-SQL-DROPGROUP-2">
<title>
Usage
</title>
<para>
To drop a group:
<programlisting>
DROP GROUP staff;
</programlisting>
</para>
</refsect1>
<refsect1 id="R1-SQL-DROPGROUP-3">
<title>
Compatibility
</title>
<refsect2 id="R2-SQL-DROPGROUP-4">
<refsect2info>
<date>2000-01-14</date>
</refsect2info>
<title>
SQL92
</title>
<para>
There is no <command>DROP GROUP</command> in <acronym>SQL92</acronym>.
</para>
</refsect2>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->

65
doc/src/sgml/ref/drop_user.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_user.sgml,v 1.9 1999/12/07 22:41:41 momjian Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/drop_user.sgml,v 1.10 2000/01/14 22:11:32 petere Exp $
Postgres documentation Postgres documentation
--> -->
@ -15,7 +15,7 @@ Postgres documentation
DROP USER DROP USER
</refname> </refname>
<refpurpose> <refpurpose>
Removes an user account information Removes a user
</refpurpose> </refpurpose>
</refnamediv> </refnamediv>
<refsynopsisdiv> <refsynopsisdiv>
@ -58,18 +58,17 @@ DROP USER <replaceable class="PARAMETER">name</replaceable>
<para> <para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><computeroutput> <term><computeroutput>DROP USER</computeroutput></term>
DROP
</computeroutput></term>
<listitem> <listitem>
<para> <para>
The message returned if the user is successfully deleted. The message returned if the user is successfully deleted.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><computeroutput> <term><computeroutput>
ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does not exist. ERROR: DROP USER: user "<replaceable class="parameter">name</replaceable>" does not exist
</computeroutput></term> </computeroutput></term>
<listitem> <listitem>
<para> <para>
@ -77,6 +76,18 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><computeroutput>
DROP USER: user "<replaceable class="parameter">name</replaceable>" owns database "<replaceable class="parameter">name</replaceable>", cannot be removed
</computeroutput></term>
<listitem>
<para>
You must drop the database first or change its ownership.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</para> </para>
</refsect2> </refsect2>
@ -90,30 +101,20 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
Description Description
</title> </title>
<para> <para>
<command>DROP USER</command> removes the specified <command>DROP USER</command> removes the specified user from the database.
user from the database, It does not remove tables, views, or other objects owned by the user. If the
along with any databases owned by the user. It user owns any database you get an error.
does not remove tables, views, or triggers owned by the </para>
named user in databases not owned by the user. <para>
Use <xref linkend="SQL-CREATEUSER" endterm="SQL-CREATEUSER-title">
to add new users, and <xref linkend="SQL-ALTERUSER"
endterm="SQL-ALTERUSER-title"> to change a user's properties.
<productname>PostgreSQL</productname>
comes with a script <xref linkend="APP-DROPUSER"
endterm="APP-DROPUSER-title">
which has the same functionality as this command (in fact, it calls this command)
but can be run from the command shell.
</para> </para>
<refsect2 id="R2-SQL-DROPUSER-3">
<refsect2info>
<date>1998-09-22</date>
</refsect2info>
<title>
Notes
</title>
<para>
<command>DROP USER</command> is a <productname>Postgres</productname>
language extension.
</para>
<para>
Refer to <command>CREATE USER</command> and
<command>ALTER USER</command> for information on
how to create or modify user accounts.
</para>
</refsect2>
</refsect1> </refsect1>
<refsect1 id="R1-SQL-DROPUSER-2"> <refsect1 id="R1-SQL-DROPUSER-2">
@ -122,9 +123,9 @@ ERROR: removeUser: user "<replaceable class="parameter">name</replaceable>" does
</title> </title>
<para> <para>
To drop a user account: To drop a user account:
<programlisting> <programlisting>
DROP USER Jonathan; DROP USER jonathan;
</programlisting> </programlisting>
</para> </para>
</refsect1> </refsect1>

21
src/backend/commands/copy.c
View File

@ -6,7 +6,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.94 1999/12/16 22:19:41 wieck Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.95 2000/01/14 22:11:33 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -97,7 +97,11 @@ CopySendData(void *databuf, int datasize, FILE *fp)
fe_eof = true; fe_eof = true;
} }
else else
{
fwrite(databuf, datasize, 1, fp); fwrite(databuf, datasize, 1, fp);
if (ferror(fp))
elog(ERROR, "CopySendData: %s", strerror(errno));
}
} }
static void static void
@ -219,7 +223,7 @@ CopyDonePeek(FILE *fp, int c, int pickup)
void void
DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
char *filename, char *delim, char *null_print, int fileumask) char *filename, char *delim, char *null_print)
{ {
/*---------------------------------------------------------------------------- /*----------------------------------------------------------------------------
Either unload or reload contents of class <relname>, depending on <from>. Either unload or reload contents of class <relname>, depending on <from>.
@ -235,11 +239,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
If in the text format, delimit columns with delimiter <delim> and print If in the text format, delimit columns with delimiter <delim> and print
NULL values as <null_print>. NULL values as <null_print>.
<fileumask> is the umask(2) setting to use while creating an output file.
This should usually be more liberal than the backend's normal 077 umask,
but not always (in particular, "pg_pwd" should be written with 077!).
Up through version 6.5, <fileumask> was always 000, which was foolhardy.
When loading in the text format from an input stream (as opposed to When loading in the text format from an input stream (as opposed to
a file), recognize a "." on a line by itself as EOF. Also recognize a file), recognize a "." on a line by itself as EOF. Also recognize
a stream EOF. When unloading in the text format to an output stream, a stream EOF. When unloading in the text format to an output stream,
@ -272,12 +271,11 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
result = pg_aclcheck(relname, UserName, required_access); result = pg_aclcheck(relname, UserName, required_access);
if (result != ACLCHECK_OK) if (result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]); elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]);
else if (!pipe && !superuser()) if (!pipe && !superuser())
elog(ERROR, "You must have Postgres superuser privilege to do a COPY " elog(ERROR, "You must have Postgres superuser privilege to do a COPY "
"directly to or from a file. Anyone can COPY to stdout or " "directly to or from a file. Anyone can COPY to stdout or "
"from stdin. Psql's \\copy command also works for anyone."); "from stdin. Psql's \\copy command also works for anyone.");
else
{
if (from) if (from)
{ /* copy from file to database */ { /* copy from file to database */
if (rel->rd_rel->relkind == RELKIND_SEQUENCE) if (rel->rd_rel->relkind == RELKIND_SEQUENCE)
@ -324,7 +322,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
{ {
mode_t oumask; /* Pre-existing umask value */ mode_t oumask; /* Pre-existing umask value */
oumask = umask((mode_t) fileumask); oumask = umask((mode_t) 022);
#ifndef __CYGWIN32__ #ifndef __CYGWIN32__
fp = AllocateFile(filename, "w"); fp = AllocateFile(filename, "w");
#else #else
@ -350,7 +348,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
if (IsUnderPostmaster) if (IsUnderPostmaster)
pq_endcopyout(false); pq_endcopyout(false);
} }
}
/* /*
* Close the relation. If reading, we can release the AccessShareLock * Close the relation. If reading, we can release the AccessShareLock

939
src/backend/commands/user.c
View File

File diff suppressed because it is too large Load Diff

94
src/backend/parser/gram.y
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.124 2000/01/13 18:26:07 petere Exp $ * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.125 2000/01/14 22:11:34 petere Exp $
* *
* HISTORY * HISTORY
* AUTHOR DATE MAJOR EVENT * AUTHOR DATE MAJOR EVENT
@ -90,7 +90,6 @@ static Node *doNegate(Node *n);
char chr; char chr;
char *str; char *str;
bool boolean; bool boolean;
bool* pboolean; /* for pg_shadow privileges */
List *list; List *list;
Node *node; Node *node;
Value *value; Value *value;
@ -137,11 +136,11 @@ static Node *doNegate(Node *n);
%type <ival> opt_lock, lock_type %type <ival> opt_lock, lock_type
%type <boolean> opt_lmode %type <boolean> opt_lmode
%type <pboolean> user_createdb_clause, user_createuser_clause %type <ival> user_createdb_clause, user_createuser_clause
%type <str> user_passwd_clause %type <str> user_passwd_clause
%type <ival> sysid_clause %type <ival> sysid_clause
%type <str> user_valid_clause %type <str> user_valid_clause
%type <list> user_group_list, user_group_clause, users_in_new_group_clause %type <list> user_list, user_group_clause, users_in_new_group_clause
%type <boolean> TriggerActionTime, TriggerForSpec, PLangTrusted %type <boolean> TriggerActionTime, TriggerForSpec, PLangTrusted
@ -459,8 +458,8 @@ CreateUserStmt: CREATE USER UserId
n->user = $3; n->user = $3;
n->sysid = -1; n->sysid = -1;
n->password = NULL; n->password = NULL;
n->createdb = $4; n->createdb = $4 == +1 ? true : false;
n->createuser = $5; n->createuser = $5 == +1 ? true : false;
n->groupElts = $6; n->groupElts = $6;
n->validUntil = $7; n->validUntil = $7;
$$ = (Node *)n; $$ = (Node *)n;
@ -473,8 +472,8 @@ CreateUserStmt: CREATE USER UserId
n->user = $3; n->user = $3;
n->sysid = $5; n->sysid = $5;
n->password = $6; n->password = $6;
n->createdb = $7; n->createdb = $7 == +1 ? true : false;
n->createuser = $8; n->createuser = $8 == +1 ? true : false;
n->groupElts = $9; n->groupElts = $9;
n->validUntil = $10; n->validUntil = $10;
$$ = (Node *)n; $$ = (Node *)n;
@ -489,30 +488,26 @@ CreateUserStmt: CREATE USER UserId
*****************************************************************************/ *****************************************************************************/
AlterUserStmt: ALTER USER UserId user_createdb_clause AlterUserStmt: ALTER USER UserId user_createdb_clause
user_createuser_clause user_group_clause user_valid_clause user_createuser_clause user_valid_clause
{ {
AlterUserStmt *n = makeNode(AlterUserStmt); AlterUserStmt *n = makeNode(AlterUserStmt);
n->user = $3; n->user = $3;
n->sysid = -1;
n->password = NULL; n->password = NULL;
n->createdb = $4; n->createdb = $4;
n->createuser = $5; n->createuser = $5;
n->groupElts = $6; n->validUntil = $6;
n->validUntil = $7;
$$ = (Node *)n; $$ = (Node *)n;
} }
| ALTER USER UserId WITH sysid_clause user_passwd_clause | ALTER USER UserId WITH PASSWORD Sconst
user_createdb_clause user_createdb_clause
user_createuser_clause user_group_clause user_valid_clause user_createuser_clause user_valid_clause
{ {
AlterUserStmt *n = makeNode(AlterUserStmt); AlterUserStmt *n = makeNode(AlterUserStmt);
n->user = $3; n->user = $3;
n->sysid = $5;
n->password = $6; n->password = $6;
n->createdb = $7; n->createdb = $7;
n->createuser = $8; n->createuser = $8;
n->groupElts = $9; n->validUntil = $9;
n->validUntil = $10;
$$ = (Node *)n; $$ = (Node *)n;
} }
; ;
@ -524,53 +519,38 @@ AlterUserStmt: ALTER USER UserId user_createdb_clause
* *
*****************************************************************************/ *****************************************************************************/
DropUserStmt: DROP USER UserId DropUserStmt: DROP USER user_list
{ {
DropUserStmt *n = makeNode(DropUserStmt); DropUserStmt *n = makeNode(DropUserStmt);
n->user = $3; n->users = $3;
$$ = (Node *)n; $$ = (Node *)n;
} }
; ;
user_passwd_clause: PASSWORD UserId { $$ = $2; } user_passwd_clause: PASSWORD Sconst { $$ = $2; }
| /*EMPTY*/ { $$ = NULL; } | /*EMPTY*/ { $$ = NULL; }
; ;
sysid_clause: SYSID Iconst { $$ = $2; } sysid_clause: SYSID Iconst
{
if ($2 <= 0)
elog(ERROR, "sysid must be positive");
$$ = $2;
}
| /*EMPTY*/ { $$ = -1; } | /*EMPTY*/ { $$ = -1; }
; ;
user_createdb_clause: CREATEDB user_createdb_clause: CREATEDB { $$ = +1; }
{ | NOCREATEDB { $$ = -1; }
bool* b; | /*EMPTY*/ { $$ = 0; }
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = true;
}
| NOCREATEDB
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = false;
}
| /*EMPTY*/ { $$ = NULL; }
; ;
user_createuser_clause: CREATEUSER user_createuser_clause: CREATEUSER { $$ = +1; }
{ | NOCREATEUSER { $$ = -1; }
bool* b; | /*EMPTY*/ { $$ = 0; }
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = true;
}
| NOCREATEUSER
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = false;
}
| /*EMPTY*/ { $$ = NULL; }
; ;
user_group_list: user_group_list ',' UserId user_list: user_list ',' UserId
{ {
$$ = lcons((void*)makeString($3), $1); $$ = lcons((void*)makeString($3), $1);
} }
@ -580,7 +560,7 @@ user_group_list: user_group_list ',' UserId
} }
; ;
user_group_clause: IN GROUP user_group_list { $$ = $3; } user_group_clause: IN GROUP user_list { $$ = $3; }
| /*EMPTY*/ { $$ = NULL; } | /*EMPTY*/ { $$ = NULL; }
; ;
@ -615,7 +595,7 @@ CreateGroupStmt: CREATE GROUP UserId
} }
; ;
users_in_new_group_clause: USER user_group_list { $$ = $2; } users_in_new_group_clause: USER user_list { $$ = $2; }
| /* EMPTY */ { $$ = NULL; } | /* EMPTY */ { $$ = NULL; }
; ;
@ -626,17 +606,7 @@ users_in_new_group_clause: USER user_group_list { $$ = $2; }
* *
*****************************************************************************/ *****************************************************************************/
AlterGroupStmt: ALTER GROUP UserId WITH SYSID Iconst AlterGroupStmt: ALTER GROUP UserId ADD USER user_list
{
AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3;
n->sysid = $6;
n->action = 0;
n->listUsers = NULL;
$$ = (Node *)n;
}
|
ALTER GROUP UserId ADD USER user_group_list
{ {
AlterGroupStmt *n = makeNode(AlterGroupStmt); AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3; n->name = $3;
@ -646,7 +616,7 @@ AlterGroupStmt: ALTER GROUP UserId WITH SYSID Iconst
$$ = (Node *)n; $$ = (Node *)n;
} }
| |
ALTER GROUP UserId DROP USER user_group_list ALTER GROUP UserId DROP USER user_list
{ {
AlterGroupStmt *n = makeNode(AlterGroupStmt); AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3; n->name = $3;

20
src/backend/tcop/utility.c
View File

@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.77 2000/01/13 18:26:10 petere Exp $ * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.78 2000/01/14 22:11:35 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -266,11 +266,7 @@ ProcessUtility(Node *parsetree,
*/ */
stmt->filename, stmt->filename,
stmt->delimiter, stmt->delimiter,
stmt->null_print, stmt->null_print);
/*
* specify 022 umask while writing files with COPY.
*/
0022);
} }
break; break;
@ -775,21 +771,21 @@ ProcessUtility(Node *parsetree,
PS_SET_STATUS(commandTag = "CREATE USER"); PS_SET_STATUS(commandTag = "CREATE USER");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
DefineUser((CreateUserStmt *) parsetree, dest); CreateUser((CreateUserStmt *) parsetree);
break; break;
case T_AlterUserStmt: case T_AlterUserStmt:
PS_SET_STATUS(commandTag = "ALTER USER"); PS_SET_STATUS(commandTag = "ALTER USER");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
AlterUser((AlterUserStmt *) parsetree, dest); AlterUser((AlterUserStmt *) parsetree);
break; break;
case T_DropUserStmt: case T_DropUserStmt:
PS_SET_STATUS(commandTag = "DROP USER"); PS_SET_STATUS(commandTag = "DROP USER");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
RemoveUser(((DropUserStmt *) parsetree)->user, dest); DropUser((DropUserStmt *) parsetree);
break; break;
case T_LockStmt: case T_LockStmt:
@ -810,21 +806,21 @@ ProcessUtility(Node *parsetree,
PS_SET_STATUS(commandTag = "CREATE GROUP"); PS_SET_STATUS(commandTag = "CREATE GROUP");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
CreateGroup((CreateGroupStmt *) parsetree, dest); CreateGroup((CreateGroupStmt *) parsetree);
break; break;
case T_AlterGroupStmt: case T_AlterGroupStmt:
PS_SET_STATUS(commandTag = "ALTER GROUP"); PS_SET_STATUS(commandTag = "ALTER GROUP");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
AlterGroup((AlterGroupStmt *) parsetree, dest); AlterGroup((AlterGroupStmt *) parsetree, "ALTER GROUP");
break; break;
case T_DropGroupStmt: case T_DropGroupStmt:
PS_SET_STATUS(commandTag = "DROP GROUP"); PS_SET_STATUS(commandTag = "DROP GROUP");
CHECK_IF_ABORTED(); CHECK_IF_ABORTED();
DropGroup((DropGroupStmt *) parsetree, dest); DropGroup((DropGroupStmt *) parsetree);
break; break;
/* /*

7
src/backend/utils/misc/superuser.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.12 1999/11/24 16:52:45 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.13 2000/01/14 22:11:36 petere Exp $
* *
* DESCRIPTION * DESCRIPTION
* See superuser(). * See superuser().
@ -18,6 +18,7 @@
#include "postgres.h" #include "postgres.h"
#include "catalog/pg_shadow.h" #include "catalog/pg_shadow.h"
#include "utils/syscache.h" #include "utils/syscache.h"
#include "miscadmin.h"
bool bool
superuser(void) superuser(void)
@ -26,12 +27,10 @@ superuser(void)
The Postgres user running this command has Postgres superuser The Postgres user running this command has Postgres superuser
privileges. privileges.
--------------------------------------------------------------------------*/ --------------------------------------------------------------------------*/
extern char *UserName; /* defined in global.c */
HeapTuple utup; HeapTuple utup;
utup = SearchSysCacheTuple(SHADOWNAME, utup = SearchSysCacheTuple(SHADOWNAME,
PointerGetDatum(UserName), PointerGetDatum(GetPgUserName()),
0, 0, 0); 0, 0, 0);
Assert(utup != NULL); Assert(utup != NULL);
return ((Form_pg_shadow) GETSTRUCT(utup))->usesuper; return ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;

4
src/bin/scripts/createuser
View File

@ -8,7 +8,7 @@
# #
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.5 2000/01/12 19:36:36 petere Exp $ # $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.6 2000/01/14 22:11:36 petere Exp $
# #
# Note - this should NOT be setuid. # Note - this should NOT be setuid.
# #
@ -193,7 +193,7 @@ QUERY="CREATE USER \"$NewUser\""
SUBQUERY= SUBQUERY=
[ "$SysID" ] && SUBQUERY="$SUBQUERY SYSID $SysID" [ "$SysID" ] && SUBQUERY="$SUBQUERY SYSID $SysID"
[ "$Password" ] && SUBQUERY="$SUBQUERY PASSWORD \"$Password\"" [ "$Password" ] && SUBQUERY="$SUBQUERY PASSWORD '$Password'"
[ "$SUBQUERY" ] && QUERY="$QUERY WITH $SUBQUERY" [ "$SUBQUERY" ] && QUERY="$QUERY WITH $SUBQUERY"
[ "$CanCreateDb" = t ] && QUERY="$QUERY CREATEDB" [ "$CanCreateDb" = t ] && QUERY="$QUERY CREATEDB"

4
src/include/commands/copy.h
View File

@ -6,7 +6,7 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: copy.h,v 1.7 1999/12/14 00:08:19 momjian Exp $ * $Id: copy.h,v 1.8 2000/01/14 22:11:37 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -15,6 +15,6 @@
void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
char *filename, char *delim, char *null_print, int fileumask); char *filename, char *delim, char *null_print);
#endif /* COPY_H */ #endif /* COPY_H */

14
src/include/commands/user.h
View File

@ -11,15 +11,15 @@
#define USER_H #define USER_H
#include "nodes/parsenodes.h" #include "nodes/parsenodes.h"
#include "tcop/dest.h" #include "access/htup.h"
extern void DefineUser(CreateUserStmt *stmt, CommandDest); extern void CreateUser(CreateUserStmt *stmt);
extern void AlterUser(AlterUserStmt *stmt, CommandDest); extern void AlterUser(AlterUserStmt *stmt);
extern void RemoveUser(char *user, CommandDest); extern void DropUser(DropUserStmt *stmt);
extern void CreateGroup(CreateGroupStmt *stmt, CommandDest dest); extern void CreateGroup(CreateGroupStmt *stmt);
extern void AlterGroup(AlterGroupStmt *stmt, CommandDest dest); extern void AlterGroup(AlterGroupStmt *stmt, const char * tag);
extern void DropGroup(DropGroupStmt *stmt, CommandDest dest); extern void DropGroup(DropGroupStmt *stmt);
extern HeapTuple update_pg_pwd(void); extern HeapTuple update_pg_pwd(void);

20
src/include/nodes/parsenodes.h
View File

@ -6,7 +6,7 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: parsenodes.h,v 1.92 1999/12/16 17:24:19 momjian Exp $ * $Id: parsenodes.h,v 1.93 2000/01/14 22:11:38 petere Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -270,18 +270,26 @@ typedef struct CreateUserStmt
char *user; /* PostgreSQL user login */ char *user; /* PostgreSQL user login */
char *password; /* PostgreSQL user password */ char *password; /* PostgreSQL user password */
int sysid; /* PgSQL system id (-1 if don't care) */ int sysid; /* PgSQL system id (-1 if don't care) */
bool *createdb; /* Can the user create databases? */ bool createdb; /* Can the user create databases? */
bool *createuser; /* Can this user create users? */ bool createuser; /* Can this user create users? */
List *groupElts; /* The groups the user is a member of */ List *groupElts; /* The groups the user is a member of */
char *validUntil; /* The time the login is valid until */ char *validUntil; /* The time the login is valid until */
} CreateUserStmt; } CreateUserStmt;
typedef CreateUserStmt AlterUserStmt; typedef struct AlterUserStmt
{
NodeTag type;
char *user; /* PostgreSQL user login */
char *password; /* PostgreSQL user password */
int createdb; /* Can the user create databases? */
int createuser; /* Can this user create users? */
char *validUntil; /* The time the login is valid until */
} AlterUserStmt;
typedef struct DropUserStmt typedef struct DropUserStmt
{ {
NodeTag type; NodeTag type;
char *user; /* PostgreSQL user login */ List *users; /* List of users to remove */
} DropUserStmt; } DropUserStmt;
@ -301,7 +309,7 @@ typedef struct AlterGroupStmt
{ {
NodeTag type; NodeTag type;
char *name; /* name of group to alter */ char *name; /* name of group to alter */
int action; /* +1 = add, -1 = drop, 0 = other (HACK!) */ int action; /* +1 = add, -1 = drop user */
int sysid; /* sysid change */ int sysid; /* sysid change */
List *listUsers; /* list of users to add/drop */ List *listUsers; /* list of users to add/drop */
} AlterGroupStmt; } AlterGroupStmt;