From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: CATUPDATE confusion? |
Date: | 2015-02-26 03:05:41 |
Message-ID: | 20150226030541.GG29780@tamriel.snowman.net |
Lists: | pgsql-hackers |

* Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> On 2/25/15 3:39 PM, Stephen Frost wrote:
> >> I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.
> >
> > Err, wouldn't this make it possible to grant normal users the ability to
> > modify system catalogs? I realize that they wouldn't have that
> > initially, but I'm not sure we want the superuser to be able to grant
> > that to non-superusers..
>
> Why not? I thought we are trying to get rid of special superuser behavior.

Agreed, but I'd also like to get rid of any reason, beyond emergency
cases, for people to modify the catalog directly. There's a few places
which we aren't yet doing that, but I'd rather fix those cases than
encourage people to give out rights to modify them and end up making
things like:

"UPDATE pg_database SET datallowconn = false where datname = 'xyz';"

an accepted interface.

> After all, superusers can also make the other user a superuser to bypass
> this issue.

Sure, but that gives us the option to write off whatever happens next as
not our fault.

Thanks,

Stephen