I wrote:
> It occurred to me that this would be the likely symptom if a CREATE
> GROUP or ALTER GROUP command had neglected to update the indexes on
> pg_group. However, I can't spot any such problem in the code nor
> cause it to happen by hand. Anyone else have an idea?
After further looking, I notice that users.c is one of the few places
that will drop AccessExclusiveLock at heap_close time rather than
holding it till xact commit. I wonder whether this is a bug...
it could allow another backend to get in and start vacuuming the file
before our updates have committed. I am not sure that vacuum would do
the wrong thing in that case, but maybe so. Comments anyone (Vadim?)
I also notice that there definitely is a glaring bug there:
write_password_file() leaks one kernel file descriptor each time it runs
(note the creat() call). Alter enough pg_shadow entries in one session
and your backend stops working. I think this is a "must fix" problem
--- any objections?
regards, tom lane
