
Unable to drop a postgresql user who poses a security risk

Stack Overflow user
Asked on 2017-06-23 18:03:14
1 answer, 1.4K views, 0 followers, score 1

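We granted a third-party software product access to our postgresql database. After a billing dispute, we have now cut ties with that company, but we cannot drop the user. We need to remove this user as soon as possible but don't know how. Here is some of what we see when we try: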

prod=> drop user evil_user;
ERROR:  role "evil_user" cannot be dropped because some objects depend on it
DETAIL:  owner of default privileges on new relations belonging to role evil_user

prod=> reassign owned by evil_user to root;
ERROR:  permission denied to reassign objects

prod=> drop role evil_user;
ERROR:  role "evil_user" cannot be dropped because some objects depend on it
DETAIL:  owner of default privileges on new relations belonging to role evil_user
                         ^
prod=> REVOKE ALL ON ALL TABLES IN SCHEMA PUBLIC FROM evil_user;
REVOKE

prod=> drop role evil_user;
ERROR:  role "evil_user" cannot be dropped because some objects depend on it
DETAIL:  owner of default privileges on new relations belonging to role evil_user

prod=> REVOKE ALL ON SCHEMA public FROM evil_user;
REVOKE

prod=> REVOKE ALL ON DATABASE prod FROM evil_user;
REVOKE

prod=> reassign owned by evil_user to root;
ERROR:  permission denied to reassign objects

prod=> drop user evil_user;
ERROR:  role "evil_user" cannot be dropped because some objects depend on it
DETAIL:  owner of default privileges on new relations belonging to role evil_user
                                      ^
prod=> ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES     FROM evil_user;
ALTER DEFAULT PRIVILEGES

prod=> drop user evil_user;
ERROR:  role "evil_user" cannot be dropped because some objects depend on it
DETAIL:  owner of default privileges on new relations belonging to role evil_user

prod=> reassign owned by evil_user to root;
ERROR:  permission denied to reassign objects

We have to get these people out of our database. For several reasons, we cannot easily move to a new Postgres instance.


1 Answer

Stack Overflow user

Posted on 2020-06-24 22:39:38

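There are some unintuitive permission requirements when using REASSIGN without a superuser account, for example on RDS and Cloud SQL, but it works as long as your current_user has permission to GRANT evil_user TO prod. I answered the same question in another post: https://stackoverflow.com/a/62557497/79079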

Score: 2
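
The removal sequence the answer points to, written out as an added example (not code from the original question or answer). It assumes a session in database prod as a non-superuser role that has CREATEROLE, is allowed to grant membership in evil_user, and is already a member of root; the role and database names are the ones from the question.

```sql
-- Added example. Assumptions: non-superuser admin session (e.g. RDS / Cloud SQL),
-- connected to database "prod", current role has CREATEROLE and is a member of root.

-- 1. Contain first: stop new logins while the cleanup is in progress.
ALTER ROLE evil_user NOLOGIN;

-- 2. REASSIGN OWNED requires membership in both the source and the target role.
--    This missing membership is what produces
--    "permission denied to reassign objects" in the question.
GRANT evil_user TO CURRENT_USER;

-- 3. End sessions that are already open (allowed now that we are a member).
SELECT pg_terminate_backend(pid)
FROM pg_stat_activity
WHERE usename = 'evil_user';

-- 4. Show the dependency DROP ROLE complains about. These are default-privilege
--    entries OWNED BY evil_user (defaclrole). ALTER DEFAULT PRIVILEGES ... FROM evil_user
--    without FOR ROLE only edits the current role's own entries, which is why
--    the REVOKE attempts in the question changed nothing.
SELECT defaclrole::regrole           AS owner,
       defaclnamespace::regnamespace AS schema,
       defaclobjtype,
       defaclacl
FROM pg_default_acl
WHERE defaclrole = 'evil_user'::regrole;

-- 5. Hand every object the role owns in this database to root.
REASSIGN OWNED BY evil_user TO root;

-- 6. Remove what is left in this database: granted privileges and the
--    default-privilege entries listed in step 4.
DROP OWNED BY evil_user;

-- 7. Repeat steps 4-6 in every other database of the cluster, then:
DROP ROLE evil_user;

-- 8. Verify: both queries should return zero rows.
SELECT rolname FROM pg_roles WHERE rolname = 'evil_user';
SELECT pid FROM pg_stat_activity WHERE usename = 'evil_user';
```

If the third party also knew the passwords of other roles, dropping evil_user does not revoke that access; rotate those credentials separately.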
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://stackoverflow.com/questions/44718654
