Thanks for your response. What I'm doing now is that, I create a user:
create user admin with password 'password' createdb createrole createuser;
And then grant some privleges, e.g.:
grant execute on function current_setting(setting_name text) to admin with grant option;
I'm grating all the functionality this "almost superuser" needs, expect the functions I disallow (like pg_ls_dir for example). But I still don't know if I'm granting all the functionality a superuser has. What would be great is some documentation explaining a bit more what a superuser is able to do. Unfortunately, I haven't found any. All I have found is some random "you need to be superuser to do this", but not a complete list of what a superuser can do...
A SUPERUSER will bypass every database privileges (if it have a right entry in pg_hba), so if you want to create an "almost superuser" you'll have to look at GRANT and REVOKE (that have no effect to superusers). You may also create a role with CREATEDB then create the database you want. Take a look at: http://www.postgresql.org/docs/9.2/static/ddl-priv.html.
I'd like to create a user that is almost a superuser, but without some privileges. I cannot create a superuser and then revoke privileges from them, because by definition nothing can be revoked from superusers. So how can I know what a superuser is able to execute compared to a user with the rest of attributes, but without superuser? If I knew this I could grant those privileges after I create the user.
