| From: | Sérgio Monteiro Basto <sergiomb(at)netcabo(dot)pt> |
|---|---|
| To: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | Dennis Bjorklund <db(at)zigo(dot)dhs(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Big problem |
| Date: | 2004-05-24 20:32:43 |
| Message-ID: | 1085430763.3357.4.camel@darkstar |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 2004-05-24 at 16:03, Christopher Kings-Lynne wrote:
> > Isn't it just enough to prevent the user with userid 1 from losing the
> > superuser status. If one want to allow it one could prevent it just when
> > doing the ALTER USER stuff and allow it when editing pg_shadow directly.
> > Or maybe have some guc variable that write locks the user with id 1.
>
> That gets my vote - can't take superuser off id 1...
Gets my vote too, postgres user can't take superuser off.
>
> > Given that it was so "simple" to restore I'm not sure if it's worth it or
> > not, but restricting just user 1 does not give any of the problems you
> > wrote about.
>
> Well, sergio sure wasn't very happy...
yes I wasn't but "Stop postmaster and start a standalone backend. Now
you are asuperuser, and you can create a new superuser, or just go in
and UPDATE pg_shadow to make your original user super again. Exit
standalone backend, restart postmaster, have a beer."
worked !
thanks ,
>
> And if I ever get around to my patch that separates out superuser and
> catalog modification privileges, superusers will no longer necessarily
> be able to 'delete from pg_proc';
>
> Chris
--
Sérgio M. B.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2004-05-24 20:52:25 | Re: Optimizer bug?? |
| Previous Message | Ismail Kizir | 2004-05-24 19:22:47 | Re: Optimizer bug?? |