Home > mailing lists

superusers are members of all roles? - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	superusers are members of all roles?
Date	April 6, 2011 23:04:52
Msg-id	4D9CF18A.503@dunslane.net Whole thread Raw
Responses	Re: superusers are members of all roles? (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

I just hit this, which at least violated my sense of least astonishment, 
if it's not an outright bug:

After creating a role foo, I added to following lines to my (9.0) 
pg_hba.conf:
   local    all +foo           reject   host     all +foo 0.0.0.0/0 reject

The surprising (to me) consequence was that every superuser was locked 
out of the system. I had not granted them (or anyone) the role, but 
nevertheless these lines took effect.

If this is intended, it should at least be documented. But if it is 
intended then it's ugly anyway, IMNSHO, and we should change it.

cheers

andrew

pgsql-hackers by date:

From: "Kevin Grittner"
Date: 06 April 2011, 22:32:28
Subject: Re: getting to beta

From: Jeff Davis
Date: 06 April 2011, 23:10:37
Subject: Re: lowering privs in SECURITY DEFINER function

superusers are members of all roles? - Mailing list pgsql-hackers

Previous

Next