Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?
Дата
Msg-id CAKFQuwY80DKQyM7Pd5ygp5CO5OA0F0xRzrk2G=eErvn4P8XoFg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?  (Bryn Llewellyn <bryn@yugabyte.com>)
Список pgsql-general
Дерево обсуждения
On Sun, Nov 20, 2022 at 6:48 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
I haven’t seen anything in the PG doc that warns against creating additional superusers—so I suppose that this fact tells me something. Nevertheless, I remain convinced about what I’d recommend here:

The default choice must be to allow only one superuser: the inevitable bootstrap superuser.

If you are talking about your specific setup then it isn't a recommendation, it's a policy that you are defining.  Do what you've concluded is best, you are the one that will end up answering for it.

IMO, there is no good blanket recommendation to give to someone else as to how their policy should be written.  Security, especially of this sort, needs to be architected.  And when doing that evaluation, and drawing those conclusions, there is no reason to exclude, a priori, having multiple named superusers as part of the final policy.  Especially since any policy of this requires not only discussion of PostgreSQL itself but operation systems, configuration management, etc....

David J.

В списке pgsql-general по дате отправления:

Предыдущее
От: Bryn Llewellyn
Дата:
Сообщение: Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?
Следующее
От: Adrian Klaver
Дата:
Сообщение: Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?