Postgres Pro
Downloads
Home   >   mailing lists

CREATE USER and createuser not working the same - Mailing list pgsql-bugs

From Stéphane Schildknecht
Subject CREATE USER and createuser not working the same
Date
Msg-id 46E8DB37.9070809@postgresqlfr.org
Whole thread Raw
Responses Re: CREATE USER and createuser not working the same  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
Tree view 
Hi,

It seems the shell command createuser and the SQL CREATE USER don't act
the same way, unless the documentation says they do.

In fact, asking to see the role created with the external command let
see that a superuser created that way hase rights of superuser AND
'create role', 'create DB' rights, while a superuser created with an SQL
query does have superuser rights, but it is said it doesn't have create
role and create db role.

The superuser created the second way can create a role or a DB
has the code do bypass these rights check, has the first test lokks for
superuser privileges.

I wonder then where this bug takes place, if ever you think it is a bug.
Is it just a undocumented difference?
I'm afraid it is just a bit more than that as it shows a superuser does
not have all the rights one would think he has. Despite the fact he
actually has them.

The difference comes from the fact that the external command "createuser
foo" translates into "CREATE ROLE foo SUPERUSER CREATEDB CREATEROLE
INHERIT LOGIN;"

Is it wrong to wonder that a superuser should have createdb and
createrole by default ?

I'm working with PostgreSQL8.2.4 on Kubuntu 7.04. PostgreSQL was
compiled. Seems to be the same with 8.2.5 version.



Let's create a superuser named 'superdba' with the shell command:

$ LANGUAGE=en_US createuser superdba
Shall the new role be a superuser? (y/n) y
CREATE ROLE

$ LANGUAGE=en_US psql postgres postgres -c '\du'                              List of rolesRole name | Superuser |
Createrole | Create DB | Connections | Member of 
-----------+-----------+-------------+-----------+-------------+-----------superdba  | yes       | yes         | yes
  | no limit    | 

The superuser has Create Role and Create DB rights.

Now let's do the same with a SQL query:

postgres=# create role superdba3 superuser login;
CREATE ROLE
postgres=# \du                              List of rolesRole name | Superuser | Create role | Create DB | Connections
|Member of 
-----------+-----------+-------------+-----------+-------------+-----------superdba3 | yes       | no          | no
  | no limit    | 


Best regards,

--
Stéphane SCHILDKNECHT
Président de PostgreSQLFr
http://www.postgresqlfr.org

pgsql-bugs by date:

Previous
From: valgog
Date:
Subject: Cannot select from 'UPDATE RETURNING'
Next
From: "Darren Ginter"
Date:
Subject: BUG #3609: Failed to create process for initdb