pg_groups pg_read_server_files

What is pg_read_server_files?

pg_read_server_files is a built-in role that allows reading files from the PostgreSQL server’s filesystem.

In simple words:

“I can read files that exist on the database server machine.”

⚠️ This is NOT about reading table data

⚠️ This is NOT about reading client/local files

⚠️ This is server-side filesystem access

What this role ALLOWS

A role with pg_read_server_files can use functions like:

📄 Read files

pg_read_file()
pg_read_binary_file()

Example:

SELECT pg_read_file('/etc/hostname');

📂 List directories

pg_ls_dir()

Example:

SELECT pg_ls_dir('pg_log');

📄 Read log files

SELECT pg_read_file('log/postgresql-2024-01-01.log');

Typical readable targets
  • PostgreSQL log files

  • Config files (sometimes)

  • Data directory metadata

  • OS text files (if permissions allow)

❌ What it does NOT allow

Action                      Allowed
--------------------------  -------
Read table data             ❌
Modify files                ❌
Write files                 ❌
Execute OS commands         ❌
Access client filesystem    ❌

Writing files requires pg_write_server_files

Executing programs requires pg_execute_server_program

Why this role is DANGEROUS

Even though it’s “read-only”, it can expose:

Sensitive data risks
  • SSL private keys

  • Password files

  • Config secrets

  • OS user info

  • Backup locations

Example:

SELECT pg_read_file('/var/lib/postgresql/data/postgresql.conf');

That may reveal:
  • Ports

  • Users

  • Paths

  • Extensions

  • Logging destinations

Mental model

pg_read_server_files = “Read access to the database server’s hard drive”

Not your laptop

Not the client

The actual DB server machine

Common legitimate use cases
  • ✔ DBAs reading logs from SQL

  • ✔ Debugging startup issues

  • ✔ Monitoring tools

  • ✔ Controlled maintenance scripts

Bad use cases (DO NOT)
  • ❌ Application users

  • ❌ Web apps

  • ❌ Shared reporting users

  • ❌ Multi-tenant SaaS users

Relationship with other roles

Role                         Capability
---------------------------  -----------------
pg_read_server_files         📖 Read files
pg_write_server_files        ✍️ Write files
pg_execute_server_program    Run OS commands
pg_monitor                   Stats only (safe)

Never combine these casually

Best practices (VERY IMPORTANT)
  • ✅ Grant only to trusted DBAs

  • ✅ Use temporarily, then revoke

  • ✅ Audit usage

  • ❌ Never grant to app roles

  • ❌ Never grant in cloud/shared DBs

Cloud note (AWS / GCP / Azure)

Cloud providers often:
  • Restrict file paths

  • Block access to sensitive OS files

  • Log usage heavily

Still dangerous if misused.

Example grant

GRANT pg_read_server_files TO dba_user;

To revoke:

REVOKE pg_read_server_files FROM dba_user;
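
To support the audit and revoke steps above, the following query (an added example, not part of the original page) lists every role that holds pg_read_server_files, pg_write_server_files or pg_execute_server_program, directly or through nested role membership. It relies only on the standard pg_roles and pg_auth_members catalogs.

```sql
-- Added example: find every holder of the file-access and program-execution
-- predefined roles, including roles that inherit them through other roles.
WITH RECURSIVE holders AS (
    -- Direct members of the three predefined roles
    SELECT m.member,
           m.roleid                  AS predefined_role,
           ARRAY[m.roleid, m.member] AS path
    FROM pg_auth_members AS m
    JOIN pg_roles AS r ON r.oid = m.roleid
    WHERE r.rolname IN ('pg_read_server_files',
                        'pg_write_server_files',
                        'pg_execute_server_program')
    UNION ALL
    -- Roles that reach the capability through another role
    SELECT m.member,
           h.predefined_role,
           h.path || m.member
    FROM pg_auth_members AS m
    JOIN holders AS h ON m.roleid = h.member
    WHERE m.member <> ALL (h.path)   -- never revisit a role already on the path
)
SELECT p.rolname     AS predefined_role,
       g.rolname     AS holder,
       g.rolcanlogin AS can_login,
       -- Chain of grants from the predefined role down to the holder
       (SELECT string_agg(x.rolname, ' -> ' ORDER BY u.ord)
          FROM unnest(h.path) WITH ORDINALITY AS u(role_oid, ord)
          JOIN pg_roles AS x ON x.oid = u.role_oid) AS granted_via
FROM holders AS h
JOIN pg_roles AS p ON p.oid = h.predefined_role
JOIN pg_roles AS g ON g.oid = h.member
ORDER BY p.rolname, g.rolname;
```

Any row with can_login = true that belongs to an application or shared account is a candidate for REVOKE. Superusers bypass these checks and do not appear in the result, so review rolsuper in pg_roles separately.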

Summary

Feature                 Value
----------------------  -------
Access level            🔴 High
Reads server files      ✅
Writes server files     ❌
Executes OS commands    ❌
Safe for apps           ❌