Re: Creating extensions for non-superusers

From Stephen Frost
Subject Re: Creating extensions for non-superusers
Msg-id 20180810151113.GJ3326@tamriel.snowman.net
In response to Creating extensions for non-superusers  (Alexandra Ryzhevich <aryzhevich@google.com>)
Responses Re: Creating extensions for non-superusers
List pgsql-hackers

Greetings,

* Alexandra Ryzhevich (aryzhevich@google.com) wrote:
> In an environment where we control the host system and all installed
> extensions, we need to allow postgresql non-superuser to install all of
> them, without opening gaps that will let this user gain superuser
> privileges. We have a sample solution to add a new default role
> pg_create_extension which does not need superuser privilege to create any
> extensions.

> However we are not sure if it's the best approach. Are there any other
> ideas, proposals or feedback?

You'll really need to go look at the mailing list archives for prior
discussion around this (of which there was quite a bit).

> Is this something you would consider adding to the next major release?

For my 2c, I'd like something along these lines when it comes to a
capability but it's just not that simple.

Further, while you might make it such that a non-superuser could install
the extensions, those extensions may have superuser checks inside them
as well which would need to be addressed or at least considered.  There
isn't too much point in installing an extension if everything that
extension allows requires superuser rights.

Lastly, you'll certainly want to look at some of the extensions to see
if what they install are things you really want a non-superuser to be
able to do, in particular in cases where you're getting an extension
from a third party but there may even be cases in contrib where an
extension, once installed, allows a non-superuser to do things that a
hosted environment might prefer they didn't.

Thanks!

Stephen
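
The review of installed extensions suggested in the last paragraph of the message can start from the system catalogs. The query below is an added example, not part of the original message or of any PostgreSQL patch; it checks the PUBLIC pseudo-role, an assumption standing in for whichever non-superuser role a hosted environment actually grants.

```sql
-- Added example: functions that belong to installed extensions and that an
-- unprivileged role can already call, limited to the ones that deserve a
-- closer look (untrusted language such as C/internal, or SECURITY DEFINER).
SELECT e.extname            AS extension,
       p.oid::regprocedure  AS function_signature,
       l.lanname            AS language,
       NOT l.lanpltrusted   AS untrusted_language,
       p.prosecdef          AS security_definer
FROM pg_extension e
JOIN pg_depend d
  ON d.refclassid = 'pg_extension'::regclass
 AND d.refobjid   = e.oid
 AND d.classid    = 'pg_proc'::regclass
 AND d.deptype    = 'e'          -- 'e' marks membership in an extension
JOIN pg_proc p     ON p.oid = d.objid
JOIN pg_language l ON l.oid = p.prolang
-- 'public' is an assumption; substitute the role name under review.
WHERE has_function_privilege('public', p.oid, 'EXECUTE')
  AND (NOT l.lanpltrusted OR p.prosecdef)
ORDER BY e.extname, p.proname;
```

The catalogs show only who may call a function; superuser checks made inside a function body at run time do not appear here and have to be found by reading the extension's source.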
