On Fri, Feb 4, 2011 at 5:08 PM, Dmitriy Igrishin <dmitigr@gmail.com> wrote: > These all (SUPERUSER, CREATEDB, SUPERUSER) are role attributes. > By performing ALTER ROLE postgres NOSUPERUSER it is possible to > turn role with a superuser status into a role that just can create databases > and manage roles (admin, but without superuser privileges).
So is it very bad to alter ANY of the default role attributes granted to the 'postgres' user? I don't know if removing role attributes from him will have negative consequences to features / functional tasks of the PostgreSQL server / client application(s).
Nothing special in 'postgres' user from the POV of DBMS. It is just a user with superuser attribute created when you perform initdb(1). But please note, some OS distributives uses 'postgres' for non-interactive access to all databases for automatic maintenance (custom daily cronjobs, replication, and similar tasks) -- please see you pg_hba.conf file where entry for 'postgres' user usually resides.