Skip site navigation (1) Skip section navigation (2)

Re: Autovacuum Issues?

From: Kenneth Buckler <kenneth(dot)buckler(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Autovacuum Issues?
Date: 2011-01-31 20:12:20
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-general
Well, that's good news and bad news.

Good news...the application developers' jobs just got a little easier.

Bad news...I get to document why we can't meet this security requirement.

And yes, I agree, it's a pretty air-headed requirement.  If I spent
less time chasing compliance, I might actually make the system more


On Mon, Jan 31, 2011 at 1:07 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Kenneth Buckler <kenneth(dot)buckler(at)gmail(dot)com> writes:
>> Does autovacuum automatically use the 'postgres' role?
> It automatically uses the bootstrap superuser role.
>> If so, how can I change what role autovacuum uses?
> You can't.
>> One of the security requirements
>> I've been required to implement removes superuser privileges from
>> postgres and assigns those privileges to a different role.
> You can't mess around with the bootstrap superuser.  If you like, you
> can cause it to be named something other than "postgres" --- just run
> initdb as some other operating system user name.  (I think it would also
> work to do ALTER USER RENAME after the fact, but haven't really
> experimented with the consequences of that.)  But otherwise, this
> "security requirement" seems pretty air-headed.  You have to have a
> superuser.
>                        regards, tom lane

In response to

pgsql-general by date

Next:From: asia123321Date: 2011-01-31 20:12:45
Subject: Re: Update existing system explicit cast to make itimplicit
Previous:From: asia123321Date: 2011-01-31 20:07:07
Subject: Re: Update existing system explicit cast to make itimplicit

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group