Re: How to revoke privileged from PostgreSQL's superuser
| От | Tom Lane |
|---|---|
| Тема | Re: How to revoke privileged from PostgreSQL's superuser |
| Дата | |
| Msg-id | 26930.1533562986@sss.pgh.pa.us обсуждение |
| Ответ на | Re: How to revoke privileged from PostgreSQL's superuser (Bear Giles <bgiles@coyotesong.com>) |
| Ответы |
Re: How to revoke privileged from PostgreSQL's superuser
Re: How to revoke privileged from PostgreSQL's superuser Re: How to revoke privileged from PostgreSQL's superuser Re: How to revoke privileged from PostgreSQL's superuser |
| Список | pgsql-admin |
Bear Giles <bgiles@coyotesong.com> writes:
> In postgresql the equivalent user is 'postgres'. Nobody should ever be
> logged in as that user once you've created the initial user(s). What
> postgresql calls a 'superuser' is just a user with a few permissions set by
> default. It's easy to grant the same privileges to any user, or drop them
> from someone created as a superuser.
Well, more to the point, a superuser is somebody with the rolsuper bit
set in their pg_authid entry. You can revoke the bootstrap superuser's
superuserness if you have a mind to -- see ALTER USER. However, as
everyone has pointed out already, this is a bad idea and you will end
up undoing it. (Figuring out how to do that without a reinstall is left
as penance for insisting on a bad idea. It is possible, and I think
even documented.)
However: a whole lot of what the bootstrap superuser can do is inherent
in being the owner of all the built-in database objects, and that you
cannot get rid of. Objects have to be owned by somebody.
regards, tom lane
В списке pgsql-admin по дате отправления: