Re: Big problem - Mailing list pgsql-hackers

From Christopher Kings-Lynne
Subject Re: Big problem
Date
Msg-id 40B20EA6.8090207@familyhealth.com.au
In response to Re: Big problem  (Dennis Bjorklund <db@zigo.dhs.org>)
Responses Re: Big problem  (Sérgio Monteiro Basto <sergiomb@netcabo.pt>)
List pgsql-hackers
> Isn't it just enough to prevent the user with userid 1 from losing the 
> superuser status? If one wants to allow it, one could prevent it just when 
> doing the ALTER USER stuff and allow it when editing pg_shadow directly. 
> Or maybe have some guc variable that write locks the user with id 1.

That gets my vote - can't take superuser off id 1...

> Given that it was so "simple" to restore I'm not sure if it's worth it or 
> not, but restricting just user 1 does not give any of the problems you 
> wrote about.

Well, Sergio sure wasn't very happy...

And if I ever get around to my patch that separates out superuser and 
catalog modification privileges, superusers will no longer necessarily 
be able to 'delete from pg_proc';

Chris


