Re: Open 7.3 items

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Lamar Owen <lamar.owen@wgcr.org>, Vince Vielhaber <vev@michvhf.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-08-15T15:54:17Z
Lists: pgsql-hackers

Attachments

OK, no one complained/commented on my idea of having global users have a
trailing '@', so here is a patch that implements that.  It has the
advantages of:

	no special install user (create global user before enabling feature)
	no /data/PG_INSTALLER file
	allows multiple global users to be easily added
	no namespace collisions because globals have a trailing @
	easy for postmaster to recognize global users
	no double-user lookups of pg_pwd changes
	very small patch footprint

The only downside is that it treats '@' as a special character when it
is enabled, but frankly, because we are appending @dbname anyway, having
'@' as a special character in that case makes sense.

Comments?

---------------------------------------------------------------------------

Bruce Momjian wrote:
> Tom Lane wrote:
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > > I don't know where else to go with the patch at this point.  I think
> > > increasing the number of 'global' users is polluting the namespace too
> > > much,
> > 
> > Why?  If the installation needs N global users, then it needs N global
> > users; who are you to make that value judgment for them?
> > 
> > In practice I think an installation that's using this feature is going
> > to have a pretty small number of global users, and so the issue of
> > collisions with local usernames isn't really as big as it's been painted
> > in this thread.  We could ignore that issue (except for documenting it)
> > and have a perfectly serviceable feature.
> 
> The original idea was that Marc wanted people who could create their own
> users for their own databases.  If we make the creation of global users
> too easy, all of a sudden people don't have control over their db
> usernames because they have to avoid all the global user names already
> defined.  By adding multiple global users, it is diluting the usefulness
> of the feature.
> 
> I suppose a pg_global_users file would be a compromise because only the
> admin could actually add people to that file.  If it was more automatic,
> like writing pg_shadow, someone could create a user without an @ and
> block access for other users to other database, which is bad.
> 
> I still don't like the fact that people think they have control over
> their db namespace, when they really don't, but no one else seems to see
> that as a problem.  The namespace conflicts just yell of poor design.
> 
> OK, I have another idea.  What if we make global users end with an @, so
> dave@ is a global user.  We can easily check for that in the postmaster
> and not append the dbname.  I know it makes @ a special character, but
> considering the problem of namespace collision, it seems better than
> what we have now.  We could add the install user too if we wish, or just
> tell them to make sure they add a user@ before turning on the feature.
> 
> -- 
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
> 
> http://archives.postgresql.org
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073