From b8426a56c43acc9e161250f5cb8c91321b78ae9d Mon Sep 17 00:00:00 2001 From: Ajin Cherian Date: Mon, 15 May 2023 04:34:40 -0400 Subject: [PATCH v1] Fix issue where the "copy" command does not adhere to the run_as_owner setting. Make sure that "copy" command used during tablesync also respects the run_as_owner setting. --- src/backend/replication/logical/tablesync.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/backend/replication/logical/tablesync.c b/src/backend/replication/logical/tablesync.c index 0c71ae9..a8d3c47 100644 --- a/src/backend/replication/logical/tablesync.c +++ b/src/backend/replication/logical/tablesync.c @@ -120,6 +120,7 @@ #include "utils/rls.h" #include "utils/snapmgr.h" #include "utils/syscache.h" +#include "utils/usercontext.h" static bool table_states_valid = false; static List *table_states_not_ready = NIL; @@ -1253,6 +1254,8 @@ LogicalRepSyncTableStart(XLogRecPtr *origin_startpos) char originname[NAMEDATALEN]; RepOriginId originid; bool must_use_password; + UserContext ucxt; + bool run_as_owner; /* Check the state of the table synchronization. */ StartTransactionCommand(); @@ -1456,6 +1459,14 @@ LogicalRepSyncTableStart(XLogRecPtr *origin_startpos) originname))); } + /* + * Make sure that the copy command runs as the table owner, unless + * the user has opted out of that behaviour. + */ + run_as_owner = MySubscription->runasowner; + if (!run_as_owner) + SwitchToUntrustedUser(rel->rd_rel->relowner, &ucxt); + /* Now do the initial data copy */ PushActiveSnapshot(GetTransactionSnapshot()); copy_table(rel); @@ -1469,6 +1480,9 @@ LogicalRepSyncTableStart(XLogRecPtr *origin_startpos) res->err))); walrcv_clear_result(res); + if(!run_as_owner) + RestoreUserContext(&ucxt); + table_close(rel, NoLock); /* Make the copy visible. */ -- 1.8.3.1