Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER
Date: 2022-07-22 20:40:48
Message-ID: CA+Tgmobth+RTi9kO0ejmozbUx9kjN9z_Z-Uo1qvB1RTSMLEt5g@mail.gmail.com
Lists: pgsql-hackers

On Fri, Jul 22, 2022 at 1:21 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
> My strategy has been to ensure no other roles are members of the
> bootstrap superuser role, and then alter the bootstrap user to be
> NOLOGIN. E.g. in the example here:

Yeah, making the bootstrap role NOLOGIN seems more reasonable than
making it NOSUPERUSER, at least to me.

--
Robert Haas
EDB: http://www.enterprisedb.com
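
The approach discussed in this message, as an added sketch that is not part of the original email or the example Joe Conway refers to: it checks that no role is a member of the bootstrap superuser before setting it NOLOGIN. It assumes the bootstrap superuser has OID 10 (BOOTSTRAP_SUPERUSERID in the PostgreSQL source) and adds, as an extra precaution not mentioned in the thread, a check that another login-capable superuser exists.

```sql
-- Added example; run as a superuser other than the bootstrap role.
DO $$
DECLARE
    bootstrap_oid  CONSTANT oid := 10;  -- assumed: BOOTSTRAP_SUPERUSERID
    bootstrap_name name;
    member_list    text;
    other_su_count bigint;
BEGIN
    -- Resolve the bootstrap role's current name (it can be renamed).
    SELECT rolname INTO STRICT bootstrap_name
    FROM pg_roles
    WHERE oid = bootstrap_oid;

    -- Any direct member could still SET ROLE to the bootstrap superuser,
    -- so refuse to continue while memberships exist.
    SELECT string_agg(member::regrole::text, ', ') INTO member_list
    FROM pg_auth_members
    WHERE roleid = bootstrap_oid;

    IF member_list IS NOT NULL THEN
        RAISE EXCEPTION 'roles are still members of %: %',
            bootstrap_name, member_list;
    END IF;

    -- Extra precaution (not from the thread): avoid locking out all
    -- superuser logins.
    SELECT count(*) INTO other_su_count
    FROM pg_roles
    WHERE rolsuper AND rolcanlogin AND oid <> bootstrap_oid;

    IF other_su_count = 0 THEN
        RAISE EXCEPTION 'no other superuser with LOGIN exists';
    END IF;

    EXECUTE format('ALTER ROLE %I NOLOGIN', bootstrap_name);
    RAISE NOTICE 'role % is now NOLOGIN', bootstrap_name;
END
$$;
```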
