| From: | Stéphane Schildknecht <stephane(dot)schildknecht(at)postgresqlfr(dot)org> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | CREATE USER and createuser not working the same |
| Date: | 2007-09-13 06:39:51 |
| Message-ID: | 46E8DB37.9070809@postgresqlfr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi,
It seems the shell command createuser and the SQL CREATE USER don't act
the same way, unless the documentation says they do.
In fact, asking to see the role created with the external command let
see that a superuser created that way hase rights of superuser AND
'create role', 'create DB' rights, while a superuser created with an SQL
query does have superuser rights, but it is said it doesn't have create
role and create db role.
The superuser created the second way can create a role or a DB
has the code do bypass these rights check, has the first test lokks for
superuser privileges.
I wonder then where this bug takes place, if ever you think it is a bug.
Is it just a undocumented difference?
I'm afraid it is just a bit more than that as it shows a superuser does
not have all the rights one would think he has. Despite the fact he
actually has them.
The difference comes from the fact that the external command "createuser
foo" translates into "CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE
INHERIT LOGIN;"
Is it wrong to wonder that a superuser should have createdb and
createrole by default ?
I'm working with PostgreSQL8.2.4 on Kubuntu 7.04. PostgreSQL was
compiled. Seems to be the same with 8.2.5 version.
Let's create a superuser named 'superdba' with the shell command:
$ LANGUAGE=en_US createuser superdba
Shall the new role be a superuser? (y/n) y
CREATE ROLE
$ LANGUAGE=en_US psql postgres postgres -c '\du'
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member of
-----------+-----------+-------------+-----------+-------------+-----------
superdba | yes | yes | yes | no limit |
The superuser has Create Role and Create DB rights.
Now let's do the same with a SQL query:
postgres=# create role superdba3 superuser login;
CREATE ROLE
postgres=# \du
List of roles
Role name | Superuser | Create role | Create DB | Connections | Member of
-----------+-----------+-------------+-----------+-------------+-----------
superdba3 | yes | no | no | no limit |
Best regards,
--
Stéphane SCHILDKNECHT
Président de PostgreSQLFr
http://www.postgresqlfr.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Darren Ginter | 2007-09-13 12:03:44 | BUG #3609: Failed to create process for initdb |
| Previous Message | valgog | 2007-09-12 14:41:31 | Cannot select from 'UPDATE RETURNING' |