From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | bejita0409(at)yahoo(dot)co(dot)jp, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: How to revoke privileged from PostgreSQL's superuser |
Date: | 2018-08-06 13:45:16 |
Message-ID: | CALBNtw6PBg=bAb1-yZuxN3yLk=75zsetw=bKo7x7mkKfwLnibA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin pgsql-general |
Thanks, I didn't realize that this was handled by a flag instead of just
the standard permissions.
On Mon, Aug 6, 2018 at 7:43 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Bear Giles <bgiles(at)coyotesong(dot)com> writes:
> > In postgresql the equivalent user is 'postgres'. Nobody should ever be
> > logged in as that user once you've created the initial user(s). What
> > postgresql calls a 'superuser' is just a user with a few permissions set
> by
> > default. It's easy to grant the same privileges to any user, or drop them
> > from someone created as a superuser.
>
> Well, more to the point, a superuser is somebody with the rolsuper bit
> set in their pg_authid entry. You can revoke the bootstrap superuser's
> superuserness if you have a mind to -- see ALTER USER. However, as
> everyone has pointed out already, this is a bad idea and you will end
> up undoing it. (Figuring out how to do that without a reinstall is left
> as penance for insisting on a bad idea. It is possible, and I think
> even documented.)
>
> However: a whole lot of what the bootstrap superuser can do is inherent
> in being the owner of all the built-in database objects, and that you
> cannot get rid of. Objects have to be owned by somebody.
>
> regards, tom lane
>
From | Date | Subject | |
---|---|---|---|
Next Message | Evan Bauer | 2018-08-06 14:13:02 | Re: How to revoke privileged from PostgreSQL's superuser |
Previous Message | Bear Giles | 2018-08-06 13:44:08 | Re: How to revoke privileged from PostgreSQL's superuser |
From | Date | Subject | |
---|---|---|---|
Next Message | Evan Bauer | 2018-08-06 14:13:02 | Re: How to revoke privileged from PostgreSQL's superuser |
Previous Message | Bear Giles | 2018-08-06 13:44:08 | Re: How to revoke privileged from PostgreSQL's superuser |