<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.8 1999/07/22 15:09:06 thomas Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.9 1999/11/30 03:57:22 momjian Exp $
Postgres documentation
-->
<date>1999-07-20</date>
</refsynopsisdivinfo>
<synopsis>
-ALTER USER <replaceable class="PARAMETER">username</replaceable> [ WITH PASSWORD <replaceable class="PARAMETER">password</replaceable> ]
+ALTER USER <replaceable class="PARAMETER">username</replaceable>
+ [ WITH
+ [ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
+ [ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
[ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
[ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><replaceable class="parameter">uid</replaceable></term>
+ <listitem>
+ <para>
+ The new <productname>PostgreSQL</productname> user id of the user.
+ Since this number is used as a key into the
+ <literal>pg_shadow</literal>/<literal>pg_user</literal> table
+ throughout the system catalogs, it is not recommended that you change
+ it unless the user in question does not own anything at all and/or
+ you really know what you are doing. Note that it is not necessary that
+ database and <acronym>UNIX</acronym> user ids match, but some people
+ choose to keep the numbers the same.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><replaceable class="PARAMETER"> groupname </replaceable></term>
<listitem>
<para>
<command>ALTER USER</command> is used to change the attributes of a user's
<productname>Postgres</productname> account.
- Please note that it is not possible
- to alter a user's "<literal>usesysid</literal>" via the alter user
- statement. Also, it is only possible for the
+ Also, it is only possible for the
<productname>Postgres</productname>
user or any user with read and modify permissions on
<literal>pg_shadow</literal> to alter user passwords.
to create or remove a user account.
</para>
<para>
- In the current release (v6.5), the IN GROUP clause is parsed
- but has no affect. When it is fully implemented, it is
- intended to modify the pg_group relation.
+ The IN GROUP clause is not yet implemented.
</para>
</refsect2>
</refsect1>
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.9 1999/10/07 16:40:36 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.10 1999/11/30 03:57:23 momjian Exp $
Postgres documentation
-->
<date>1999-07-20</date>
</refsynopsisdivinfo>
<synopsis>
-CREATE USER<replaceable class="PARAMETER"> username</replaceable>
- [ WITH PASSWORD <replaceable class="PARAMETER">password</replaceable> ]
+CREATE USER <replaceable class="PARAMETER">username</replaceable>
+ [ WITH
+ [ SYSID <replaceable class="PARAMETER">uid</replaceable> ]
+ [ PASSWORD <replaceable class="PARAMETER">password</replaceable> ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
[ IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...] ]
[ VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>' ]
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><replaceable class="parameter">uid</replaceable></term>
+ <listitem>
+ <para>
+ The <literal>SYSID</literal> clause can be used to choose
+ the <productname>PostgreSQL</productname> user id of the user
+ that is being created. It is not at all necessary that those
+ match the <acronym>UNIX</acronym> user ids, but some people
+ choose to keep the numbers the same.
+ </para>
+ <para>
+ If this is not specified, the highest assigned user id plus one
+ will be used as default.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><replaceable class="parameter">password</replaceable></term>
<listitem>
<para>
- The WITH PASSWORD clause sets the user's password within
+ The PASSWORD clause sets the user's password within
the "<filename>pg_shadow</filename>" table. For this reason,
<filename>"pg_shadow</filename>" is no
longer accessible to the instance of
</title>
<para>
CREATE USER will add a new user to an instance of
- <productname>Postgres</productname>.
+ <productname>PostgreSQL</productname>.
</para>
- <para>
- The new user will be given a <filename>usesysid</filename> of:
-
- <programlisting>
-SELECT MAX(usesysid) + 1 FROM pg_shadow;
- </programlisting>
-
- This means that
- <productname>Postgres</productname> users' <filename>usesysid</filename>s will not
- correspond to their operating
- system(OS) user ids. The exception to this rule is
- the <literal>postgres</literal> superuser, whose OS user id
- is used as the
- <filename>usesysid</filename> during the initdb process.
- If you still want the
- OS user id and the <filename>usesysid</filename> to match
- for any given user,
- use the <application>createuser</application> script provided with
- the <productname>Postgres</productname> distribution.
- </para>
-
<refsect2 id="R2-SQL-CREATEUSER-3">
<refsect2info>
<date>1998-09-21</date>
Refer to the <filename>pg_shadow</filename> table for further information.
</para>
<programlisting>
- Table = pg_shadow
- +--------------------------+--------------------------+-------+
- | Field | Type | Length|
- +--------------------------+--------------------------+-------+
- | usename | name | 32 |
- | usesysid | int4 | 4 |
- | usecreatedb | bool | 1 |
- | usetrace | bool | 1 |
- | usesuper | bool | 1 |
- | usecatupd | bool | 1 |
- | passwd | text | var |
- | valuntil | abstime | 4 |
- +--------------------------+--------------------------+-------+
+ Table "pg_shadow"
+ Attribute | Type | Extra
+-------------+---------+-------
+ usename | name |
+ usesysid | int4 |
+ usecreatedb | bool |
+ usetrace | bool |
+ usesuper | bool |
+ usecatupd | bool |
+ passwd | text |
+ valuntil | abstime |
</programlisting>
</refsect2>
</refsect1>
*
* Copyright (c) 1994, Regents of the University of California
*
- * $Id: user.c,v 1.38 1999/11/24 16:52:32 momjian Exp $
+ * $Id: user.c,v 1.39 1999/11/30 03:57:23 momjian Exp $
*
*-------------------------------------------------------------------------
*/
TupleDesc pg_shadow_dsc;
HeapScanDesc scan;
HeapTuple tuple;
- Datum datum;
- bool exists = false,
- n,
+ bool user_exists = false,
+ sysid_exists = false,
inblock,
+ havesysid,
havepassword,
havevaluntil;
int max_id = -1;
+ havesysid = stmt->sysid >= 0;
havepassword = stmt->password && stmt->password[0];
havevaluntil = stmt->validUntil && stmt->validUntil[0];
if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
- elog(ERROR, "defineUser: user \"%s\" does not have SELECT and INSERT privilege for \"%s\"",
+ elog(ERROR, "DefineUser: user \"%s\" does not have SELECT and INSERT privilege for \"%s\"",
pg_shadow, ShadowRelationName);
return;
}
/*
- * Scan the pg_shadow relation to be certain the user doesn't already
+ * Scan the pg_shadow relation to be certain the user or id doesn't already
* exist. Note we secure exclusive lock, because we also need to be
* sure of what the next usesysid should be, and we need to protect
* our update of the flat password file.
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
scan = heap_beginscan(pg_shadow_rel, false, SnapshotNow, 0, NULL);
- while (HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
+ while (!user_exists && !sysid_exists && HeapTupleIsValid(tuple = heap_getnext(scan, 0)))
{
- datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_shadow_dsc, &n);
-
- if (!exists && !strncmp((char *) datum, stmt->user, strlen(stmt->user)))
- exists = true;
-
- datum = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &n);
- if ((int) datum > max_id)
- max_id = (int) datum;
+ Datum datum;
+ bool null;
+
+ datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_shadow_dsc, &null);
+ user_exists = datum && !null && (strcmp((char *) datum, stmt->user) == 0);
+
+ datum = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null);
+ if (havesysid) /* customized id wanted */
+ sysid_exists = datum && !null && ((int)datum == stmt->sysid);
+ else /* pick 1 + max */
+ {
+ if ((int) datum > max_id)
+ max_id = (int) datum;
+ }
}
heap_endscan(scan);
- if (exists)
+ if (user_exists || sysid_exists)
{
heap_close(pg_shadow_rel, AccessExclusiveLock);
UserAbortTransactionBlock();
- elog(ERROR,
- "defineUser: user \"%s\" has already been created", stmt->user);
+ if (user_exists)
+ elog(ERROR, "DefineUser: user name \"%s\" already exists", stmt->user);
+ else
+ elog(ERROR, "DefineUser: sysid %d is already assigned", stmt->sysid);
return;
}
"values('%s',%d,'%c','f','%c','%c',%s%s%s,%s%s%s)",
ShadowRelationName,
stmt->user,
- max_id + 1,
+ havesysid ? stmt->sysid : max_id + 1,
(stmt->createdb && *stmt->createdb) ? 't' : 'f',
(stmt->createuser && *stmt->createuser) ? 't' : 'f',
((stmt->createdb && *stmt->createdb) ||
TupleDesc pg_shadow_dsc;
HeapTuple tuple;
bool inblock;
+ bool comma = false;
if (stmt->password)
CheckPgUserAclNotNull();
if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
- elog(ERROR, "alterUser: user \"%s\" does not have SELECT and UPDATE privilege for \"%s\"",
+ elog(ERROR, "AlterUser: user \"%s\" does not have SELECT and UPDATE privilege for \"%s\"",
pg_shadow, ShadowRelationName);
return;
}
{
heap_close(pg_shadow_rel, AccessExclusiveLock);
UserAbortTransactionBlock();
- elog(ERROR, "alterUser: user \"%s\" does not exist", stmt->user);
+ elog(ERROR, "AlterUser: user \"%s\" does not exist", stmt->user);
}
+ /* look for duplicate sysid */
+ tuple = SearchSysCacheTuple(USESYSID,
+ Int32GetDatum(stmt->sysid),
+ 0, 0, 0);
+ if (HeapTupleIsValid(tuple))
+ {
+ Datum datum;
+ bool null;
+
+ datum = heap_getattr(tuple, Anum_pg_shadow_usename, pg_shadow_dsc, &null);
+ if (datum && !null && strcmp((char *) datum, stmt->user) != 0)
+ {
+ heap_close(pg_shadow_rel, AccessExclusiveLock);
+ UserAbortTransactionBlock();
+ elog(ERROR, "AlterUser: sysid %d is already assigned", stmt->sysid);
+ }
+ }
+
+
/*
* Create the update statement to modify the user.
*
* XXX see diatribe in preceding routine. This code is just as bogus.
*/
- snprintf(sql, SQL_LENGTH, "update %s set", ShadowRelationName);
+ snprintf(sql, SQL_LENGTH, "update %s set ", ShadowRelationName);
if (stmt->password)
+ {
snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
- " passwd = '%s'", stmt->password);
+ "passwd = '%s'", stmt->password);
+ comma = true;
+ }
+
+ if (stmt->sysid>=0)
+ {
+ if (comma)
+ strcat(sql, ", ");
+ snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
+ "usesysid = %d", stmt->sysid);
+ comma = true;
+ }
if (stmt->createdb)
- {
+ {
+ if (comma)
+ strcat(sql, ", ");
snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
- "%s usecreatedb='%s'",
- stmt->password ? "," : "",
- *stmt->createdb ? "t" : "f");
- }
+ "usecreatedb='%c'",
+ *stmt->createdb ? 't' : 'f');
+ comma = true;
+ }
if (stmt->createuser)
- {
+ {
+ if (comma)
+ strcat(sql, ", ");
snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
- "%s usesuper='%s'",
- (stmt->password || stmt->createdb) ? "," : "",
- *stmt->createuser ? "t" : "f");
- }
+ "usesuper='%c'",
+ *stmt->createuser ? 't' : 'f');
+ comma = true;
+ }
if (stmt->validUntil)
- {
+ {
+ if (comma)
+ strcat(sql, ", ");
snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
- "%s valuntil='%s'",
- (stmt->password || stmt->createdb || stmt->createuser) ? "," : "",
+ "valuntil='%s'",
stmt->validUntil);
- }
+ }
snprintf(sql + strlen(sql), SQL_LENGTH - strlen(sql),
" where usename = '%s'",
if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
{
UserAbortTransactionBlock();
- elog(ERROR, "removeUser: user \"%s\" does not have SELECT and DELETE privilege for \"%s\"",
+ elog(ERROR, "RemoveUser: user \"%s\" does not have SELECT and DELETE privilege for \"%s\"",
pg_shadow, ShadowRelationName);
}
{
heap_close(pg_shadow_rel, AccessExclusiveLock);
UserAbortTransactionBlock();
- elog(ERROR, "removeUser: user \"%s\" does not exist", user);
+ elog(ERROR, "RemoveUser: user \"%s\" does not exist", user);
}
usesysid = (int32) heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_dsc, &n);
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.115 1999/11/20 21:39:36 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.116 1999/11/30 03:57:24 momjian Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
%type <pboolean> user_createdb_clause, user_createuser_clause
%type <str> user_passwd_clause
+%type <ival> sysid_clause
%type <str> user_valid_clause
%type <list> user_group_list, user_group_clause
VALUES, VARCHAR, VARYING, VIEW,
WHEN, WHERE, WITH, WORK, YEAR_P, ZONE
+
/* Keywords (in SQL3 reserved words) */
%token DEFERRABLE, DEFERRED,
IMMEDIATE, INITIALLY,
NEW, NOCREATEDB, NOCREATEUSER, NONE, NOTHING, NOTIFY, NOTNULL,
OFFSET, OIDS, OPERATOR, PASSWORD, PROCEDURAL,
RENAME, RESET, RETURNS, ROW, RULE,
- SEQUENCE, SERIAL, SETOF, SHARE, SHOW, START, STATEMENT, STDIN, STDOUT,
+ SEQUENCE, SERIAL, SETOF, SHARE, SHOW, START, STATEMENT, STDIN, STDOUT, SYSID,
TRUNCATE, TRUSTED,
UNLISTEN, UNTIL, VACUUM, VALID, VERBOSE, VERSION
*
*****************************************************************************/
-CreateUserStmt: CREATE USER UserId user_passwd_clause user_createdb_clause
- user_createuser_clause user_group_clause user_valid_clause
+CreateUserStmt: CREATE USER UserId
+ user_createdb_clause user_createuser_clause user_group_clause
+ user_valid_clause
{
CreateUserStmt *n = makeNode(CreateUserStmt);
n->user = $3;
- n->password = $4;
- n->createdb = $5;
- n->createuser = $6;
- n->groupElts = $7;
- n->validUntil = $8;
+ n->sysid = -1;
+ n->password = NULL;
+ n->createdb = $4;
+ n->createuser = $5;
+ n->groupElts = $6;
+ n->validUntil = $7;
$$ = (Node *)n;
}
+ | CREATE USER UserId WITH sysid_clause user_passwd_clause
+ user_createdb_clause user_createuser_clause user_group_clause
+ user_valid_clause
+ {
+ CreateUserStmt *n = makeNode(CreateUserStmt);
+ n->user = $3;
+ n->sysid = $5;
+ n->password = $6;
+ n->createdb = $7;
+ n->createuser = $8;
+ n->groupElts = $9;
+ n->validUntil = $10;
+ $$ = (Node *)n;
+ }
;
/*****************************************************************************
*
*****************************************************************************/
-AlterUserStmt: ALTER USER UserId user_passwd_clause user_createdb_clause
- user_createuser_clause user_group_clause user_valid_clause
+AlterUserStmt: ALTER USER UserId user_createdb_clause
+ user_createuser_clause user_group_clause user_valid_clause
{
AlterUserStmt *n = makeNode(AlterUserStmt);
n->user = $3;
- n->password = $4;
- n->createdb = $5;
- n->createuser = $6;
- n->groupElts = $7;
- n->validUntil = $8;
+ n->sysid = -1;
+ n->password = NULL;
+ n->createdb = $4;
+ n->createuser = $5;
+ n->groupElts = $6;
+ n->validUntil = $7;
+ $$ = (Node *)n;
+ }
+ | ALTER USER UserId WITH sysid_clause user_passwd_clause
+ user_createdb_clause
+ user_createuser_clause user_group_clause user_valid_clause
+ {
+ AlterUserStmt *n = makeNode(AlterUserStmt);
+ n->user = $3;
+ n->sysid = $5;
+ n->password = $6;
+ n->createdb = $7;
+ n->createuser = $8;
+ n->groupElts = $9;
+ n->validUntil = $10;
$$ = (Node *)n;
}
;
}
;
-user_passwd_clause: WITH PASSWORD UserId { $$ = $3; }
- | /*EMPTY*/ { $$ = NULL; }
+user_passwd_clause: PASSWORD UserId { $$ = $2; }
+ | /*EMPTY*/ { $$ = NULL; }
;
+sysid_clause: SYSID Iconst { $$ = $2; }
+ | /*EMPTY*/ { $$ = -1; }
+ ;
+
user_createdb_clause: CREATEDB
{
bool* b;
}
;
-user_group_clause: IN GROUP user_group_list { $$ = $3; }
+user_group_clause: IN GROUP user_group_list
+ {
+ /* the backend doesn't actually process this,
+ * so an error message is probably fairer */
+ yyerror("IN GROUP is not implemented");
+ /* $$ = $3; */
+ }
| /*EMPTY*/ { $$ = NULL; }
;
| STATEMENT { $$ = "statement"; }
| STDIN { $$ = "stdin"; }
| STDOUT { $$ = "stdout"; }
+ | SYSID { $$ = "sysid"; }
| TIME { $$ = "time"; }
| TIMESTAMP { $$ = "timestamp"; }
| TIMEZONE_HOUR { $$ = "timezone_hour"; }
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.63 1999/10/15 01:49:41 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.64 1999/11/30 03:57:26 momjian Exp $
*
*-------------------------------------------------------------------------
*/
{"stdin", STDIN},
{"stdout", STDOUT},
{"substring", SUBSTRING},
+ {"sysid", SYSID},
{"table", TABLE},
{"temp", TEMP},
{"temporary", TEMPORARY},
*
* Copyright (c) 1994, Regents of the University of California
*
- * $Id: parsenodes.h,v 1.86 1999/10/26 03:12:39 momjian Exp $
+ * $Id: parsenodes.h,v 1.87 1999/11/30 03:57:29 momjian Exp $
*
*-------------------------------------------------------------------------
*/
NodeTag type;
char *user; /* PostgreSQL user login */
char *password; /* PostgreSQL user password */
+ int sysid; /* PgSQL system id (-1 if don't care) */
bool *createdb; /* Can the user create databases? */
bool *createuser; /* Can this user create users? */
List *groupElts; /* The groups the user is a member of */
projects / postgresql / commitdiff