The stored procedures for index_export and export_images are of the form COPY (...) TO '${exportRoot}/images.csv' DELIMITER ',' CSV HEADER; which requires the DB user the image service uses to have SUPERUSER privileges[1]. This makes the DB access less portable as it can't be run in a secured environment. We can drop the need for SU by simply scrolling the query results through a CSV exporter our self. Admins that execute these stored procs through a different db client such as psql can use \copy to effectively use the local user's privileges instead.
The stored procedures for
index_export
andexport_images
are of the formCOPY (...) TO '${exportRoot}/images.csv' DELIMITER ',' CSV HEADER;
which requires the DB user the image service uses to haveSUPERUSER
privileges[1]. This makes the DB access less portable as it can't be run in a secured environment. We can drop the need for SU by simply scrolling the query results through a CSV exporter our self. Admins that execute these stored procs through a different db client such aspsql
can use\copy
to effectively use the local user's privileges instead.[1] - COPY naming a file or command is only allowed to database superusers, since it allows reading or writing any file that the server has privileges to access.