Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER
Joe Conway <mail@joeconway.com>
From: Joe Conway <mail@joeconway.com>
To: Tom Lane <tgl@sss.pgh.pa.us>,
"David G. Johnston" <david.g.johnston@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-07-22T17:21:54Z
Lists: pgsql-hackers
On 7/21/22 12:46, Tom Lane wrote: > "David G. Johnston" <david.g.johnston@gmail.com> writes: >> On Thu, Jul 21, 2022 at 9:28 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> True, but what if the idea is to have *no* superusers? I seem >>> to recall people being interested in setups like that. > >> I would expect an initdb option (once this is possible) to specify this >> desire and we just never set one up in the first place. It seems >> impractical to remove one after it already exists. > > There has to be a role that owns the built-in objects. Robert's point > is that pretending that that role isn't high-privilege is silly. My strategy has been to ensure no other roles are members of the bootstrap superuser role, and then alter the bootstrap user to be NOLOGIN. E.g. in the example here: https://github.com/pgaudit/set_user/blob/1335cd34ca91b6bd19d5e910cc93c831d1ed0db0/README.md?plain=1#L589 And checked here: https://github.com/pgaudit/set_user/blob/1335cd34ca91b6bd19d5e910cc93c831d1ed0db0/README.md?plain=1#L612 https://github.com/pgaudit/set_user/blob/1335cd34ca91b6bd19d5e910cc93c831d1ed0db0/README.md?plain=1#L618 -- Joe Conway RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
Commits
-
Fix brain fade in e530be2c5ce77475d56ccf8f4e0c4872b666ad5f.
- 8bb3ad462f8d 16.0 landed
-
Do not allow removal of superuser privileges from bootstrap user.
- e530be2c5ce7 16.0 landed