Dimitri Fontaine <dimitri@2ndQuadrant.fr> writes:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
>> We'll add a new boolean parameter to extension control files, called say
>> "dba_create" (ideas for better names welcome). If it's missing or set
>> to false, there's no change in behavior. When it's true, then
>>
>> (a) you must be superuser or owner of the current database to create the
>> extension;
>>
>> (b) the commands within the extension's script will be run as though by a
>> superuser, even if you aren't one.
> That's called sudo on linux. I propose that we stick to such a name.
I'm not impressed with that name: it will mean nothing to Windows users,
nor for that matter to many non-sysadmin types on Unix.
> Do we want a more general SUDO facility in PostgreSQL? It would be, I
> guess, about the same thing as SET ROLE postgres;
Yeah, I think SET ROLE already covers that territory.
The point of the current proposal is to grant a very limited subset of
superuser privileges --- specifically, the right to install specific
extensions --- to database owners. Maybe it'd make sense to eliminate
the tie to database ownership and instead consider that you're allowed
to do this if you're a member of some predefined role, which then would
typically be GRANTed to database owners or other semi-trustworthy people.
But we don't currently have any predefined group roles like that, so
it'd be a rather large departure from past practice.
regards, tom lane
