| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER |
| Date: | 2022-07-22 17:21:54 |
| Message-ID: | f941fa4a-a294-165a-82c4-947d3c8425f6@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 7/21/22 12:46, Tom Lane wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
>> On Thu, Jul 21, 2022 at 9:28 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> True, but what if the idea is to have *no* superusers? I seem
>>> to recall people being interested in setups like that.
>
>> I would expect an initdb option (once this is possible) to specify this
>> desire and we just never set one up in the first place. It seems
>> impractical to remove one after it already exists.
>
> There has to be a role that owns the built-in objects. Robert's point
> is that pretending that that role isn't high-privilege is silly.
My strategy has been to ensure no other roles are members of the
bootstrap superuser role, and then alter the bootstrap user to be
NOLOGIN. E.g. in the example here:
And checked here:
--
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Maciek Sakrejda | 2022-07-22 17:42:11 | Re: warn if GUC set to an invalid shared library |
| Previous Message | Joe Conway | 2022-07-22 16:49:10 | Re: [PATCH] Introduce array_shuffle() and array_sample() |