Обсуждение: Rename or Removing Postgres user
Dear Postgres Experts,
I want to know if I rename 'postgres' user to 'someuser' retaining it's privileges i.e superuser and other privileges.
Or what if I drop the 'postgres' user and create a new superuser. I tried dropping Postgres user but it says "cannot drop role postgres because it is required by the database system".
So my concern is what happens if I rename it. As far as I can check there's no impact, but in case anyone has faced issues regarding this, please suggest.
Thanks & Regards,
Devendra
AFAIK you cannot rename the postgres default super user. The name is set with initdb.
On Thu, 14 Feb 2019, 07:50 Devendra Yadav, <devendra.857@gmail.com> wrote:
Dear Postgres Experts,I want to know if I rename 'postgres' user to 'someuser' retaining it's privileges i.e superuser and other privileges.Or what if I drop the 'postgres' user and create a new superuser. I tried dropping Postgres user but it says "cannot drop role postgres because it is required by the database system".So my concern is what happens if I rename it. As far as I can check there's no impact, but in case anyone has faced issues regarding this, please suggest.Thanks & Regards,Devendra
Hi Devendra,
Session login user can not rename. You need to create a another super user, log in as a new super user, and then rename default postgres user using alter.
On Thu, Feb 14, 2019 at 12:20 PM Devendra Yadav <devendra.857@gmail.com> wrote:
Dear Postgres Experts,I want to know if I rename 'postgres' user to 'someuser' retaining it's privileges i.e superuser and other privileges.Or what if I drop the 'postgres' user and create a new superuser. I tried dropping Postgres user but it says "cannot drop role postgres because it is required by the database system".So my concern is what happens if I rename it. As far as I can check there's no impact, but in case anyone has faced issues regarding this, please suggest.Thanks & Regards,Devendra
Why do you want to do this considering you are prevented because it is REQUIRED? Sent from my iPad > On Feb 14, 2019, at 12:49 AM, Devendra Yadav <devendra.857@gmail.com> wrote: > > Dear Postgres Experts, > > I want to know if I rename 'postgres' user to 'someuser' retaining it's privileges i.e superuser and other privileges. > > Or what if I drop the 'postgres' user and create a new superuser. I tried dropping Postgres user but it says "cannot droprole postgres because it is required by the database system". > > So my concern is what happens if I rename it. As far as I can check there's no impact, but in case anyone has faced issuesregarding this, please suggest. > > Thanks & Regards, > Devendra
Dear Shreeyansh,
Thanks a lot for your advice. I did it the same way you mentioned. Please share if it has any pull off.
Dear John,
One of the main reason behind it is majorly Security. Can you help me with the effects of doing so.
Thanks & Regards,
Devendra
Devendra Yadav wrote: > I want to know if I rename 'postgres' user to 'someuser' retaining it's privileges i.e superuser and other privileges. > > Or what if I drop the 'postgres' user and create a new superuser. I tried dropping Postgres user but it says "cannot droprole postgres because it is required by the database system". > > So my concern is what happens if I rename it. As far as I can check there's no impact, but in case anyone has faced issuesregarding this, please suggest. You can rename the user without any problems. Internally, only the object ID of the role is used, the name is just an entry in "pg_authid". Resources outside the database proper, for example configuration files like "pg_hba.conf", will have to be adapted. You cannot drop the "postgres" user, however. You say further downthread that you want to do this for security reasons. Keep in mind that this is the lowest form of security: "security by obscurity". For better security, make sure that the superuser can only log in from the database machine itself, and that only administrators get shell access there. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
On Thu, 14 Feb 2019 at 23:15, Devendra Yadav <devendra.857@gmail.com> wrote:
Dear Shreeyansh,Thanks a lot for your advice. I did it the same way you mentioned. Please share if it has any pull off.Dear John,One of the main reason behind it is majorly Security. Can you help me with the effects of doing so.Thanks & Regards,Devendra
Changing the name or disabling postgres is not going to have any appreciable impact on improving security - in fact, you run the risk of reducing security and potentially introducing other problems because you are going to make your environment bespoke and possibly more complex to work with. Many security weaknesses are the result of simple admin errors rather than due to 'evit doers' attacking your system. Bottom line is that all your database administrator accounts need to be hardened and secure regardless of what name is used. By changing the name, you run the risk that the account won't be included in audits and other security checks or administrators will not recognise the level of sensitivity which should be applied to the account. Far better off to use the standard account, but make sure it is locked down with multiple layers of security.
-- regards,
Tim
--
Tim CrossThanks a ton Tim & Laurenz for your valuable suggestions.They are quite considerable, I'll reevaluate on this.
Thanks and Regards
Devendra