Re: User privileges-verification required
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Nauman Naeem" <nauman.naeem@gmail.com>
Cc: pgsql-hackers@postgresql.org
Date: 2006-02-24T15:47:25Z
Lists: pgsql-hackers
"Nauman Naeem" <nauman.naeem@gmail.com> writes: > I tried the single-user mode option and it worked, thanks! but, don't > you people think that we should provide this privilege in multi-user > mode as well.In accordence to my second point. No. Restricting what a superuser can do is pointless --- he can always manage to shoot himself in the foot if he tries hard enough. (Consider eg "DELETE FROM pg_authid".) Trying to fix it in the reverse direction (re-establishing superuser after the last one's been deleted) has obvious security issues. The problem comes up sufficiently seldom that the single-user-mode backdoor seems sufficient. regards, tom lane