"Joshua D. Drake" <jd@commandprompt.com> writes:
> Tom Lane wrote:
>> Being able to edit postgresql.conf gives one the ability to become
>> postgres (hint: you can cause the backend to load a shlib of your
>> choosing, or even more trivially, adjust pg_hba.conf to let you in
>> as superuser), so the above distinction is unenforceable.
> Again, the responsibility of the administrator for the system.
How so? The point is that there is *no such thing* as giving someone
config edit permissions without thereby implicitly trusting them with
the keys to the city. If you trust them that much, you may as well let
them su to postgres. There is no point in using group membership as a
substitute.
regards, tom lane