summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fdd919)
raw | patch | inline | side by side (parent: 7fdd919)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Thu, 13 Feb 2020 20:02:35 +0000 (15:02 -0500) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Thu, 13 Feb 2020 20:02:35 +0000 (15:02 -0500) |
This allows these modules to be installed into a database without
superuser privileges (assuming that the DBA or sysadmin has installed
the module's files in the expected place). You only need CREATE
privilege on the current database, which by default would be
available to the database owner.
The following modules are marked trusted:
btree_gin
btree_gist
citext
cube
dict_int
earthdistance
fuzzystrmatch
hstore
hstore_plperl
intarray
isn
jsonb_plperl
lo
ltree
pg_trgm
pgcrypto
seg
tablefunc
tcn
tsm_system_rows
tsm_system_time
unaccent
uuid-ossp
In the future we might mark some more modules trusted, but there
seems to be no debate about these, and on the whole it seems wise
to be conservative with use of this feature to start out with.
Discussion: https://postgr.es/m/32315.1580326876@sss.pgh.pa.us
superuser privileges (assuming that the DBA or sysadmin has installed
the module's files in the expected place). You only need CREATE
privilege on the current database, which by default would be
available to the database owner.
The following modules are marked trusted:
btree_gin
btree_gist
citext
cube
dict_int
earthdistance
fuzzystrmatch
hstore
hstore_plperl
intarray
isn
jsonb_plperl
lo
ltree
pg_trgm
pgcrypto
seg
tablefunc
tcn
tsm_system_rows
tsm_system_time
unaccent
uuid-ossp
In the future we might mark some more modules trusted, but there
seems to be no debate about these, and on the whole it seems wise
to be conservative with use of this feature to start out with.
Discussion: https://postgr.es/m/32315.1580326876@sss.pgh.pa.us
46 files changed:
index d576da7fd047930658b08fb0c8b2ddcae08a85a5..67d0c997d8d26e4b5e23cb79249570f553015500 100644 (file)
default_version = '1.3'
module_pathname = '$libdir/btree_gin'
relocatable = true
+trusted = true
index 81c850905c5501e3bc21f25f55b94fc428f15373..cd2d7eb4abbca443effae404375d1c66c55913a7 100644 (file)
default_version = '1.5'
module_pathname = '$libdir/btree_gist'
relocatable = true
+trusted = true
index a872a3f012b06d661ffe7b7c06320d555ae7afef..ccf445475d020b3a948311d5f66e5105f6c4c4a8 100644 (file)
default_version = '1.6'
module_pathname = '$libdir/citext'
relocatable = true
+trusted = true
index f39a838e3f10d1418bdf841bdcf97fa5b4350021..3e238fc9374acb6d0367c3bafb309e0f4f530432 100644 (file)
default_version = '1.4'
module_pathname = '$libdir/cube'
relocatable = true
+trusted = true
index 6e2d2b351ae22ade056df8a6516ded017130e7fe..ec04ccea91a3a72e06a00dbb86fc775d08e240ef 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/dict_int'
relocatable = true
+trusted = true
diff --git a/contrib/earthdistance/earthdistance.control b/contrib/earthdistance/earthdistance.control
index 5816d22cdd98810f75f4a2a4dc34ae32510e496a..3df666dfc1bbd47dcfedca01482f3a0bec2af1aa 100644 (file)
default_version = '1.1'
module_pathname = '$libdir/earthdistance'
relocatable = true
+trusted = true
requires = 'cube'
diff --git a/contrib/fuzzystrmatch/fuzzystrmatch.control b/contrib/fuzzystrmatch/fuzzystrmatch.control
index 6b2832ae8d95cf494835c43f1e47934332fc67a2..3cd6660bf902c8d751e0f1f7427e2356871b25de 100644 (file)
default_version = '1.1'
module_pathname = '$libdir/fuzzystrmatch'
relocatable = true
+trusted = true
index 93688cdd83c33872df276b11a4f67f486b75b72e..e0fbb8bb3c5a7b613c8469b5ac00977c74c696c0 100644 (file)
default_version = '1.6'
module_pathname = '$libdir/hstore'
relocatable = true
+trusted = true
diff --git a/contrib/hstore_plperl/hstore_plperl.control b/contrib/hstore_plperl/hstore_plperl.control
index 16277f68c1ccfae18d53345144d1643422d626d5..4b9fd13d04fcd03e6412e88453893d93c237ee8e 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/hstore_plperl'
relocatable = true
+trusted = true
requires = 'hstore,plperl'
index 7e50cc30f66194592c03cf0585891ae4388af96b..bf28804dec9e2b24bedd49dfa2f0ed8467d944fe 100644 (file)
default_version = '1.2'
module_pathname = '$libdir/_int'
relocatable = true
+trusted = true
index 765dce0e0a2b21859aa490d2ef74c659dde3c97f..1cb5e2b23403619fbb0dcbcc1b47be79cc99284d 100644 (file)
--- a/contrib/isn/isn.control
+++ b/contrib/isn/isn.control
default_version = '1.2'
module_pathname = '$libdir/isn'
relocatable = true
+trusted = true
index 26c86a70e429a3670056d0bcb6b67e98b6f028f4..4acee93a2fcc563dc951c270ec8592555d66ceeb 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/jsonb_plperl'
relocatable = true
+trusted = true
requires = 'plperl'
diff --git a/contrib/lo/lo.control b/contrib/lo/lo.control
index 820326c798969ecd2e83708e5a79eff2f0b0dace..f73f8b5fae5e72789b4f4433089b95962eb13508 100644 (file)
--- a/contrib/lo/lo.control
+++ b/contrib/lo/lo.control
default_version = '1.1'
module_pathname = '$libdir/lo'
relocatable = true
+trusted = true
index 03c3fb1ab59b9e7afa2be173d4f682eabd492c2c..3118df63d3fedee8b1b427e306475e63515c274e 100644 (file)
default_version = '1.1'
module_pathname = '$libdir/ltree'
relocatable = true
+trusted = true
index 3e325dde0035cf1d471cdb2ba18953e49e998c15..831ba2391b93b99e14c091a16b21310eb47e60f4 100644 (file)
default_version = '1.4'
module_pathname = '$libdir/pg_trgm'
relocatable = true
+trusted = true
index 583983257a85f05ef44745fae272c73ac24e11bb..d2151d3bc4be5b9513fa93ba1b4f2eb3d84aefb2 100644 (file)
default_version = '1.3'
module_pathname = '$libdir/pgcrypto'
relocatable = true
+trusted = true
index d697cd6c2a8f9dea2980e28da8cd2653556a9b1c..9ac308084813dafc2a457602d641eb294547d467 100644 (file)
--- a/contrib/seg/seg.control
+++ b/contrib/seg/seg.control
default_version = '1.3'
module_pathname = '$libdir/seg'
relocatable = true
+trusted = true
index 248b0a77a2dfdc2cdadef05c75dd1942ca16869c..7b25d1617023c5e55c78da4810ef38078f2638ab 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/tablefunc'
relocatable = true
+trusted = true
index 8abfd19dc7a7bb42944feba25039cd1238345a23..6972e1102e29c1c66fe46f50a29ddeab7794c0c7 100644 (file)
--- a/contrib/tcn/tcn.control
+++ b/contrib/tcn/tcn.control
default_version = '1.0'
module_pathname = '$libdir/tcn'
relocatable = true
+trusted = true
diff --git a/contrib/tsm_system_rows/tsm_system_rows.control b/contrib/tsm_system_rows/tsm_system_rows.control
index 4bd0232f97215933516bf5ea801a49f43f8c0d6c..b495fb126c0c24238a20d93299eb532eaa9468f7 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/tsm_system_rows'
relocatable = true
+trusted = true
diff --git a/contrib/tsm_system_time/tsm_system_time.control b/contrib/tsm_system_time/tsm_system_time.control
index c247987c66d14b9a2cb75fb07bbe623366d4b458..b1b9789debca765b4a4cfdae2eed652e3c5593d8 100644 (file)
default_version = '1.0'
module_pathname = '$libdir/tsm_system_time'
relocatable = true
+trusted = true
index a77a65f8918bae4c18ddb80a7a75545286c186ed..649cf68a6e7b1e49909ed0f5211c564f35a805ab 100644 (file)
default_version = '1.1'
module_pathname = '$libdir/unaccent'
relocatable = true
+trusted = true
index 657476c182fe8ff02cc324670f6313967dc11005..142a99e4a894090afe93cbb6c2b0c817993255f5 100644 (file)
default_version = '1.1'
module_pathname = '$libdir/uuid-ossp'
relocatable = true
+trusted = true
index 314e001fefbe3c6cb4c273415bba9e6153ac6eac..5bc5a054e8d1dc9fda89840691995d50beb68a3d 100644 (file)
two separate indexes that would have to be combined via bitmap ANDing.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Example Usage</title>
index 774442feeeed421fb4b0043b01f4ef031c212faa..3b61d276a38c25cd3438cfa1baa93a025e14219b 100644 (file)
<type>oid</type>, and <type>money</type>.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Example Usage</title>
index 85aa339d8bafa742b2a6665937d498c4ab1d85df..667824fb0b843766aa32f2dd0749051ec6804e83 100644 (file)
--- a/doc/src/sgml/citext.sgml
+++ b/doc/src/sgml/citext.sgml
</para>
</tip>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Rationale</title>
index b626a345f3eec49a67a7f97b089a849ece688a03..08bb110b515b74061fec87ebd7caf3375efedf9b 100644 (file)
Many modules supply new user-defined functions, operators, or types.
To make use of one of these modules, after you have installed the code
you need to register the new SQL objects in the database system.
- In <productname>PostgreSQL</productname> 9.1 and later, this is done by executing
+ This is done by executing
a <xref linkend="sql-createextension"/> command. In a fresh database,
you can simply do
CREATE EXTENSION <replaceable>module_name</replaceable>;
</programlisting>
- This command must be run by a database superuser. This registers the
- new SQL objects in the current database only, so you need to run this
- command in each database that you want
+ This command registers the new SQL objects in the current database only,
+ so you need to run it in each database that you want
the module's facilities to be available in. Alternatively, run it in
database <literal>template1</literal> so that the extension will be copied into
subsequently-created databases by default.
</para>
+ <para>
+ For all these modules, <command>CREATE EXTENSION</command> must be run
+ by a database superuser, unless the module is
+ considered <quote>trusted</quote>, in which case it can be run by any
+ user who has <literal>CREATE</literal> privilege on the current
+ database. Modules that are trusted are identified as such in the
+ sections that follow. Generally, trusted modules are ones that cannot
+ provide access to outside-the-database functionality.
+ </para>
+
<para>
Many modules allow you to install their objects in a schema of your
choice. To do that, add <literal>SCHEMA
diff --git a/doc/src/sgml/cube.sgml b/doc/src/sgml/cube.sgml
index c6e586270aae0476d2d552e125514aa437312089..71772d799fef5063081457f573c4c8a06ff29598 100644 (file)
--- a/doc/src/sgml/cube.sgml
+++ b/doc/src/sgml/cube.sgml
representing multidimensional cubes.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Syntax</title>
index c15cbd0e4d1840ae4745a6fe8fd5c3b422bb8a26..b556f1b4daf37b1adfa91405ed01aa3ad940c6c5 100644 (file)
unique words, which greatly affects the performance of searching.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Configuration</title>
index 670fc9955f7e86e3638cce0656ce53d9fb676560..7ca2c40e37d7b73a04918faea3290a68c3d4720e 100644 (file)
project.)
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Cube-Based Earth Distances</title>
index 373ac4891df410dbc0ae1fe2d245e8fde40212c1..382e54be918e11713add81b683ada1b2ab9a7b9e 100644 (file)
</para>
</caution>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Soundex</title>
index 94ccd1201e115f25ae47072cf0918adc1aef31a7..64c2477fffcab43f9dd20082ba12c57604f1da75 100644 (file)
--- a/doc/src/sgml/hstore.sgml
+++ b/doc/src/sgml/hstore.sgml
simply text strings.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title><type>hstore</type> External Representation</title>
convention). If you use them, <type>hstore</type> values are mapped to
Python dictionaries.
</para>
+
+ <para>
+ Of these additional extensions, <literal>hstore_plperl</literal> is
+ considered trusted; the rest are not.
+ </para>
</sect2>
<sect2>
index b633cf36778903201534bba685c08b6b3cf2de27..025cbca616e28a0a64d0ff751fe6a17bb6cdbf82 100644 (file)
treated as though it were a linear array in storage order.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title><filename>intarray</filename> Functions and Operators</title>
diff --git a/doc/src/sgml/isn.sgml b/doc/src/sgml/isn.sgml
index 21174549eb5cacf494689205de3269fe600ef8a1..6c61f14fdcd84c10412f51565b73c6aee7666fb6 100644 (file)
--- a/doc/src/sgml/isn.sgml
+++ b/doc/src/sgml/isn.sgml
dropped from a future version of this module.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Data Types</title>
diff --git a/doc/src/sgml/json.sgml b/doc/src/sgml/json.sgml
index 6ff875187050f615dbf4a892f41cfe81331417bf..1b6aaf0a558801a59e36889030f2bbd23c7d7882 100644 (file)
--- a/doc/src/sgml/json.sgml
+++ b/doc/src/sgml/json.sgml
@@ -622,6 +622,13 @@ SELECT jdoc->'guid', jdoc->'name' FROM api WHERE jdoc @> '{"tags": ["qu
use them, <type>jsonb</type> values are mapped to Python dictionaries,
lists, and scalars, as appropriate.
</para>
+
+ <para>
+ Of these extensions, <literal>jsonb_plperl</literal> is
+ considered <quote>trusted</quote>, that is, it can be installed by
+ non-superusers who have <literal>CREATE</literal> privilege on the
+ current database. The rest require superuser privilege to install.
+ </para>
</sect2>
<sect2 id="datatype-jsonpath">
diff --git a/doc/src/sgml/lo.sgml b/doc/src/sgml/lo.sgml
index cce37932ec6850e999e96100b3c5c60fe0a4e8c7..0a4f2e4449a0fa6dd58c63acd486b4b2bab37cc2 100644 (file)
--- a/doc/src/sgml/lo.sgml
+++ b/doc/src/sgml/lo.sgml
and a trigger <function>lo_manage</function>.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Rationale</title>
index 3ddd335b8c929e29ec992de9f0471d1e9376a247..b4e07f651097392f6f4420a902275203637178c0 100644 (file)
--- a/doc/src/sgml/ltree.sgml
+++ b/doc/src/sgml/ltree.sgml
Extensive facilities for searching through label trees are provided.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Definitions</title>
index 0acd11ed555dd0e9520a098b7a63f1451993c9ae..cc916ff1d65b8c235f5cb466eab637623d750578 100644 (file)
<productname>PostgreSQL</productname>.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>General Hashing Functions</title>
index 3e6fd7395fba820abcf0a8e1d55b44d8867e0a29..049f496869cbebcbbdd95b5691a1bc55f2590013 100644 (file)
--- a/doc/src/sgml/pgtrgm.sgml
+++ b/doc/src/sgml/pgtrgm.sgml
strings.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Trigram (or Trigraph) Concepts</title>
diff --git a/doc/src/sgml/seg.sgml b/doc/src/sgml/seg.sgml
index d07329f5d1762c24c1ebd353cfc980ce5b215567..2492de911add7d72d0b4cc6dbbed760481da7bb6 100644 (file)
--- a/doc/src/sgml/seg.sgml
+++ b/doc/src/sgml/seg.sgml
making it especially useful for representing laboratory measurements.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Rationale</title>
index 007e9c62f56e0a3f47d2f271bed1d077e70a74ca..ad435d6dc3e5020c41bc48f9798f073ffd33b92b 100644 (file)
multiple rows.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Functions Provided</title>
diff --git a/doc/src/sgml/tcn.sgml b/doc/src/sgml/tcn.sgml
index aa2fe4f00af6b6b28a94cfd846ee13095a41cb2c..82afe9ada4be0944f002ce7861963ae17bcedeea 100644 (file)
--- a/doc/src/sgml/tcn.sgml
+++ b/doc/src/sgml/tcn.sgml
used as an <literal>AFTER</literal> trigger <literal>FOR EACH ROW</literal>.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<para>
Only one parameter may be supplied to the function in a
<literal>CREATE TRIGGER</literal> statement, and that is optional. If supplied
index 3dcd948ff86d1a536dd41d0044aa3ad1841a40c8..071ff301d07b66693de7545acfae4794263f78f5 100644 (file)
the <literal>REPEATABLE</literal> clause.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Examples</title>
index fd8e99954431954ec3e646ed1b81211f45c91a30..cd074926d85a592ba4eaeef835b363f8ee5b9141 100644 (file)
the <literal>REPEATABLE</literal> clause.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Examples</title>
index 547ac54a71e8801841ea8b18494af65d0c6c2503..5cd716a2aa5655ce4e27ee0e69355b7c7e0c84a5 100644 (file)
normalizing dictionary for the <filename>thesaurus</filename> dictionary.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title>Configuration</title>
index 0fbabbfda246054554c47bcbb2f67a4220e3b9f6..54d7813d38e0e11d1fe9e1b5461c1628c8f10886 100644 (file)
linkend="functions-uuid"/> for built-in ways to generate UUIDs.
</para>
+ <para>
+ This module is considered <quote>trusted</quote>, that is, it can be
+ installed by non-superusers who have <literal>CREATE</literal> privilege
+ on the current database.
+ </para>
+
<sect2>
<title><literal>uuid-ossp</literal> Functions</title>