Quick Links

Re: How to revoke privileged from PostgreSQL's superuser

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bear Giles <bgiles(at)coyotesong(dot)com>
Cc:	bejita0409(at)yahoo(dot)co(dot)jp, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject:	Re: How to revoke privileged from PostgreSQL's superuser
Date:	2018-08-06 13:43:06
Message-ID:	26930.1533562986@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin pgsql-general

Bear Giles <bgiles(at)coyotesong(dot)com> writes:
> In postgresql the equivalent user is 'postgres'. Nobody should ever be
> logged in as that user once you've created the initial user(s). What
> postgresql calls a 'superuser' is just a user with a few permissions set by
> default. It's easy to grant the same privileges to any user, or drop them
> from someone created as a superuser.

Well, more to the point, a superuser is somebody with the rolsuper bit
set in their pg_authid entry. You can revoke the bootstrap superuser's
superuserness if you have a mind to -- see ALTER USER. However, as
everyone has pointed out already, this is a bad idea and you will end
up undoing it. (Figuring out how to do that without a reinstall is left
as penance for insisting on a bad idea. It is possible, and I think
even documented.)

However: a whole lot of what the bootstrap superuser can do is inherent
in being the owner of all the built-in database objects, and that you
cannot get rid of. Objects have to be owned by somebody.

regards, tom lane

In response to

Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-06 13:22:54 from Bear Giles

Responses

Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-06 13:45:16 from Bear Giles
Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-06 14:13:02 from Evan Bauer

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Bear Giles	2018-08-06 13:44:08	Re: How to revoke privileged from PostgreSQL's superuser
Previous Message	Bear Giles	2018-08-06 13:22:54	Re: How to revoke privileged from PostgreSQL's superuser

Browse pgsql-general by date

	From	Date	Subject
Next Message	Bear Giles	2018-08-06 13:44:08	Re: How to revoke privileged from PostgreSQL's superuser
Previous Message	Bear Giles	2018-08-06 13:22:54	Re: How to revoke privileged from PostgreSQL's superuser