| From: | Cédric Villemain <cedric(dot)villemain(at)dalibo(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stéphane Schildknecht <stephane(dot)schildknecht(at)postgresqlfr(dot)org> |
| Subject: | Re: CREATE USER and createuser not working the same |
| Date: | 2007-09-14 08:21:24 |
| Message-ID: | 200709141021.56473.cedric.villemain@dalibo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Le jeudi 13 septembre 2007, Tom Lane a écrit :
> =?ISO-8859-1?Q?St=E9phane_Schildknecht?=
<stephane(dot)schildknecht(at)postgresqlfr(dot)org> writes:
> > It seems the shell command createuser and the SQL CREATE USER don't act
> > the same way,
>
> They aren't really claimed to.
But the man say :
" createuser is a wrapper around the SQL command CREATE ROLE [create_role(7)].
There is no effective difference between creating users via this utility and
via other methods for accessing the server."
> But the difference you point to is
> irrelevant, since a superuser has createrole and createdb privilege
> (and every other privilege) independently of what those columns say.
It is right, but look at this scenario :
CREATE ROLE super SUPERUSER;
ALTER ROLE super NOSUPERUSER;
No RIGHT to CREATEDB.
If superuser is created using commandline, he can still CREATEDB after the
same ALTER ROLE
I think there is 2 options:
- change the manual and keep the actual method.
- don't stop asking privilege on createuser (it actually break after 'yes' to
superuser)
or do nothing...
--
Cédric Villemain
Administrateur de Base de Données
Cel: +33 (0)6 74 15 56 53
http://dalibo.com - http://dalibo.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Boris | 2007-09-16 01:08:57 | BUG #3610: Vaccum stop and can not continue |
| Previous Message | Bruce Momjian | 2007-09-14 03:06:54 | Re: psql \COPY accepts multiple NULL AS |