Skip site navigation (1) Skip section navigation (2)

Re: CREATE USER and createuser not working the same

From: Cédric Villemain <cedric(dot)villemain(at)dalibo(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stéphane Schildknecht <stephane(dot)schildknecht(at)postgresqlfr(dot)org>
Subject: Re: CREATE USER and createuser not working the same
Date: 2007-09-19 08:29:40
Message-ID: 200709191029.45560.cedric.villemain@dalibo.com (view raw or flat)
Thread:
Lists: pgsql-bugs
Le vendredi 14 septembre 2007, Cédric Villemain a écrit :
> Le jeudi 13 septembre 2007, Tom Lane a écrit :
> > =?ISO-8859-1?Q?St=E9phane_Schildknecht?=
>
> <stephane(dot)schildknecht(at)postgresqlfr(dot)org> writes:
> > > It seems the shell command createuser and the SQL CREATE USER don't act
> > > the same way,
> >
> > They aren't really claimed to.
>
> But the man say :
> " createuser is a wrapper around the SQL command CREATE ROLE
> [create_role(7)]. There is no effective difference between creating users
> via this utility and via other methods for accessing the server."
>
> > But the difference you point to is
> > irrelevant, since a superuser has createrole and createdb privilege
> > (and every other privilege) independently of what those columns say.
>

The superuser has no createrole and createdb privilege, he has superuser 
privilege, which is enought to bypass createrole and createdb privilege.

There where no real answer about that. 
What do we do ? 

> It is right, but look at this scenario :
>
> CREATE ROLE super SUPERUSER;
> ALTER ROLE super NOSUPERUSER;
>
> No RIGHT to CREATEDB.
>
> If superuser is created using commandline, he can still CREATEDB after the
> same ALTER ROLE
>
> I think there is 2 options:
>
>  - change the manual and keep the actual method.
>  - don't stop asking privilege on createuser (it actually break after 'yes'
> to superuser)
>
> or do nothing...



-- 
Cédric Villemain
Administrateur de Base de Données
Cel: +33 (0)6 74 15 56 53
http://dalibo.com - http://dalibo.org

In response to

pgsql-bugs by date

Next:From: Guillaume 'ioguix' de RorthaisDate: 2007-09-19 18:19:13
Subject: BUG #3619: Renaming sequence does not update its 'sequence_name' field
Previous:From: Herouth MaozDate: 2007-09-18 21:51:42
Subject: BUG #3616: PgAdminIII crashes on copy operation

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group