Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?

From David G. Johnston
Subject Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?
Date
Msg-id CAKFQuwZg2-Lsrjf=-LF8q+CN+4GPK1bJcEA_zia4XUo81ZLQKQ@mail.gmail.com
In reply to Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?  (Adrian Klaver <adrian.klaver@aklaver.com>)
List pgsql-general
On Mon, Nov 21, 2022 at 5:30 PM Adrian Klaver <adrian.klaver@aklaver.com> wrote:
On 11/21/22 15:05, Bryn Llewellyn wrote:
>
> In fact, David Johnston did unequivocally challenge my strawman a couple of turns back, thus:
>


And the equivocal additions later in the post:

Yeah, even when I try to be unequivocal I tend to fail...Devil's Advocate is another role I enjoy playing.

 
>
> There's also the caveat that a "drop" attempt by a superuser for a single object owned by the bootstrap superuser (say, the "pg_catalog.pg_terminate_backend()" function) in some database causes an error with the message "cannot drop function... because it is required by the database system". (At least, this is what my tests have shown with a smallish sample of drop targets.)

There are some protections in place to prevent the superuser from shooting themselves in the foot accidentally.  They are readily disabled though, through a simple SET command in the session.


Superuser is superuser, there is no magic associated with the bootstrap
superuser.


Not quite true, it is magical in that every initdb thing that needs an owner has it as an owner.  And, at least not easily or desirably, that ownership cannot be transferred, which makes dropping said role problematic.

David J.
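
The ownership point in the message above can be checked from the system catalogs. This is an added example, not part of the original message: it lists every superuser role with the number of objects it owns in the current database, and assumes only the standard catalogs and that the bootstrap superuser has OID 10, as it does in a cluster created by initdb.

```sql
-- Added example: run in each database, because ownership catalogs
-- (pg_class, pg_proc, pg_namespace, pg_type) are per-database.
-- OID 10 is the bootstrap superuser that initdb creates.
WITH owned AS (
    SELECT relowner AS owner, 'relation' AS kind FROM pg_class
    UNION ALL
    SELECT proowner, 'function' FROM pg_proc
    UNION ALL
    SELECT nspowner, 'schema' FROM pg_namespace
    UNION ALL
    SELECT typowner, 'type' FROM pg_type
)
SELECT r.rolname,
       r.oid = 10                                   AS is_bootstrap,
       r.rolcanlogin,
       count(o.kind)                                AS objects_owned,
       count(*) FILTER (WHERE o.kind = 'function')  AS functions_owned
FROM pg_roles r
LEFT JOIN owned o ON o.owner = r.oid
WHERE r.rolsuper
GROUP BY r.oid, r.rolname, r.rolcanlogin
ORDER BY is_bootstrap DESC, r.rolname;

-- Owner of the function used as the drop target in the quoted test.
SELECT p.oid::regprocedure          AS function_signature,
       pg_get_userbyid(p.proowner)  AS owner
FROM pg_proc p
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.proname = 'pg_terminate_backend';
```

On a freshly initialized cluster the bootstrap row carries the catalog objects, while any additional superuser created afterwards starts at zero.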
