From bf1e33d24a9611583595eb1c6cc2e7ce3fa01da4 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 22 Aug 2005 17:38:20 +0000 Subject: Fix unwanted denial of ALTER OWNER rights to superusers. There was some discussion of getting around this by relaxing the checks made for regular users, but I'm disinclined to toy with the security model right now, so just special-case it for superusers where needed. --- src/backend/commands/dbcommands.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/backend/commands/dbcommands.c') diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 40e28a0821c..49d3e1d4f5d 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -15,7 +15,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.170 2005/08/12 01:35:57 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.171 2005/08/22 17:38:20 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -1024,7 +1024,8 @@ AlterDatabaseOwner(const char *dbname, Oid newOwnerId) * NOTE: This is different from other alter-owner checks in * that the current user is checked for createdb privileges * instead of the destination owner. This is consistent - * with the CREATE case for databases. + * with the CREATE case for databases. Because superusers + * will always have this right, we need no special case for them. */ if (!have_createdb_privilege()) ereport(ERROR, -- cgit v1.2.3