On Wed, 2023-08-30 at 02:44 +0200, Erik Wienhold wrote:
> I recently created a superuser with createuser on 15.4 and was surprised that
> the superuser also has the CREATEDB and CREATEROLE attribute (although redundant
> for a superuser). The docs [1] even say that --no-createdb and --no-createrole
> are the defaults. Those options don't even have an effect when used along with
> --superuser. I checked CREATE USER (which I normally use) and it does not
> automatically set CREATEDB and CREATEROLE.
>
> $ sudo -u postgres createuser --superuser alice
> $ sudo -u postgres createuser --superuser --no-createdb --no-createrole bob
> $ sudo -u postgres psql
> postgres=# CREATE ROLE carol SUPERUSER;
> postgres=# \du
> List of roles
> Role name | Attributes | Member of
> -----------+------------------------------------------------------------+-----------
> alice | Superuser, Create role, Create DB | {}
> bob | Superuser, Create role, Create DB | {}
> carol | Superuser | {}
> postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
>
> The docs for createuser also state that "there is no effective difference
> between creating users via this utility and via other methods for accessing
> the server."
>
> The problem I see here is that the behavior is unexpected.
I am somewhat surprised too, but it has been like that since commit 8ae0d476a9 in 2005.
The code is pretty clear about that:
if (superuser == TRI_YES)
{
/* Not much point in trying to restrict a superuser */
createdb = TRI_YES;
createrole = TRI_YES;
}
I would say that changing that long standing behavior would cause more harm than benefit.
First, as the code says, it doesn't make a lot of difference. And who knows, perhaps
someone somewhere creates superusers, later changes them to NOSUPERUSER and expects
CREATEDB and CREATEROLE to be set after that.
If anything, we could add something to the documentation.
Yours,
Laurenz Albe
