Thread: the docs, and newbies.
Hi, Yesterday, here at Pg.Inc I got a call from a prospective user about the documentation of Postgres. Particulary the install docs. The user brought up some points, that I always took for granted as "an experienced" unix user. Such as when it said "create a superuser for postgresql" .. I know the first time i read this part of the docs i thought to myself .. hrmm do they mean auser with root privileges, but a different name, or just an ordinary user to do postgres stuff ? However the user said that to completly new users of [u | li]nux even adding a new user is something that not everyone wants. he said, that alot of people want to just be able to get a database running, and be able to do sql.. and not deal with the "system" as much. in my mind.. i can justify to my self "that's just not the way unix works" but to alot of people out there that don't have propeller hats like us.. it's not the way they expect htings to work. just wondering if there is any thoughts people have to make the install directions more appealing to "get people in" but at the same time experienced UNIX users can just ignore certain parts of the docs.. ok well that was long winded.. Jeff MacDonald, ----------------------------------------------------- PostgreSQL Inc | Hub.Org Networking Services jeff@pgsql.com | jeff@hub.org www.pgsql.com | www.hub.org 1-902-542-0713 | 1-902-542-3657 ----------------------------------------------------- Facsimile : 1 902 542 5386 IRC Nick : bignose
I wonder if we should call this the PostgreSQL "special" users, rather than super? > Hi, > > Yesterday, here at Pg.Inc I got a call from a prospective user > about the documentation of Postgres. Particulary the install > docs. > > The user brought up some points, that I always took for granted > as "an experienced" unix user. Such as when it said "create a > superuser for postgresql" .. > > I know the first time i read this part of the docs i thought > to myself .. hrmm do they mean auser with root privileges, but > a different name, or just an ordinary user to do postgres stuff ? > > However the user said that to completly new users of [u | li]nux > even adding a new user is something that not everyone wants. > > he said, that alot of people want to just be able to get a database > running, and be able to do sql.. and not deal with the "system" as much. > > in my mind.. i can justify to my self "that's just not the way unix works" > > but to alot of people out there that don't have propeller hats like > us.. it's not the way they expect htings to work. > > just wondering if there is any thoughts people have to make the install > directions more appealing to "get people in" but at the same time > experienced UNIX users can just ignore certain parts of the docs.. > > ok well that was long winded.. > > Jeff MacDonald, > > ----------------------------------------------------- > PostgreSQL Inc | Hub.Org Networking Services > jeff@pgsql.com | jeff@hub.org > www.pgsql.com | www.hub.org > 1-902-542-0713 | 1-902-542-3657 > ----------------------------------------------------- > Facsimile : 1 902 542 5386 > IRC Nick : bignose > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Bruce Momjian wrote: > > I wonder if we should call this the PostgreSQL "special" users, rather > than super? Hmmm... How about 'the PostgreSQL database administrative user' -- and spell out just exactly what this user is supposed to be? -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
Jeff MacDonald writes:
> I know the first time i read this part of the docs i thought
> to myself .. hrmm do they mean auser with root privileges, but
> a different name, or just an ordinary user to do postgres stuff ?
1. Create the PostgreSQL server account. This is the user the server will
run as. For production use you should create a separate, unprivileged
account ("postgres" is commonly used). If you do not have root access
or just want to play around, your own user account is enough, but
running the server as root is a security risk and therefore not
allowed.
adduser postgres
What part is unclear?
> just wondering if there is any thoughts people have to make the install
> directions more appealing to "get people in" but at the same time
> experienced UNIX users can just ignore certain parts of the docs..
There have been continuous improvements to this end. Specific suggestions
are welcome. But it's not our job to explain Unix to people.
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Lamar Owen writes: > Bruce Momjian wrote: > > > > I wonder if we should call this the PostgreSQL "special" users, rather > > than super? > > Hmmm... How about 'the PostgreSQL database administrative user' -- and > spell out just exactly what this user is supposed to be? Maybe like As with any other server daemon that is connected to the world at large, it is advisable to run Postgres under a separate user account. This user account should only own the data itself that is being managed by the server, and should not be shared with other daemons. (Thus, using the user <quote>nobody</quote> is a bad idea.) It is not advisable to install the executables as owned by this user account because that runs the risk of user-defined functions gone astray or any other exploits compromising the executable programs. Oh wait, we already have that. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
I like that name. It is more accurate and less "UNIXy". And more people would understand what a "administrative user" is that a superuser. On Sat, 4 Nov 2000, Lamar Owen wrote: > Bruce Momjian wrote: > > > > I wonder if we should call this the PostgreSQL "special" users, rather > > than super? > > Hmmm... How about 'the PostgreSQL database administrative user' -- and > spell out just exactly what this user is supposed to be? > -- > Lamar Owen > WGCR Internet Radio > 1 Peter 4:11 >
Does anyone want to comment on this idea? > I like that name. It is more accurate and less "UNIXy". And more people > would understand what a "administrative user" is that a superuser. > > On Sat, 4 Nov 2000, Lamar Owen wrote: > > > Bruce Momjian wrote: > > > > > > I wonder if we should call this the PostgreSQL "special" users, rather > > > than super? > > > > Hmmm... How about 'the PostgreSQL database administrative user' -- and > > spell out just exactly what this user is supposed to be? > > -- > > Lamar Owen > > WGCR Internet Radio > > 1 Peter 4:11 > > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Does anyone want to comment on this idea?
Forget it. How many people here are going to type out "administrative
user" instead of "superuser" every time they need to mention the term
in email? How many people here can even spell it correctly without
thinking twice? It's not gonna happen.
>> I like that name. It is more accurate and less "UNIXy". And more people
>> would understand what a "administrative user" is that a superuser.
I disagree with two out of those three claims, and the third ("less
UNIXy") may be correct but it is not particularly important. The
Postgres superuser stands in exactly the same relationship to the
database that the Unix superuser does to a Unix system. Therefore,
the term is perfectly accurate and will convey exactly the intended
meaning to anyone who's familar with Unix system administration.
Indeed, the only people who are likely to be confused are those who
make the mistake of assuming that the Postgres superuser is the same
as the Unix superuser ... and only those who have heard of a Unix
superuser can possibly make that error in the first place. Nobody
has ever heard of an "administrative user" or is likely to draw all
the correct implications from that term at first glance.
"Superuser" is short, easy to spell correctly, and has the right
overtones for people familiar with Unix sysadmin duties. If you
want to advocate a different term, try to pick one that retains
at least some of those properties.
regards, tom lane
On Sun, Jan 21, 2001 at 11:04:42PM -0500, Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Does anyone want to comment on this idea?
>
> Forget it. How many people here are going to type out "administrative
> user" instead of "superuser" every time they need to mention the term
> in email? How many people here can even spell it correctly without
> thinking twice? It's not gonna happen.
>
> >> I like that name. It is more accurate and less "UNIXy". And more people
> >> would understand what a "administrative user" is that a superuser.
>
> I disagree with two out of those three claims, and the third ("less
> UNIXy") may be correct but it is not particularly important. The
> Postgres superuser stands in exactly the same relationship to the
> database that the Unix superuser does to a Unix system. Therefore,
> the term is perfectly accurate and will convey exactly the intended
> meaning to anyone who's familar with Unix system administration.
> Indeed, the only people who are likely to be confused are those who
> make the mistake of assuming that the Postgres superuser is the same
> as the Unix superuser ... and only those who have heard of a Unix
> superuser can possibly make that error in the first place. Nobody
> has ever heard of an "administrative user" or is likely to draw all
> the correct implications from that term at first glance.
Hmm, isn't the confusion over system superuser and postgresql database
superuser excatly the reason this change was suggested? I seem to
recall this is a FAQ (even if it's not in the FAQ). Those who make the
mistake are those who are more familiar with databases than operating
systems. They see 'superuser', and think 'oh, I know what that is' in
specific, not in general. I remember being slightly confused on this
very issue myself the first time I installed pgsql. No other package I can
think of calls it's administrative user the 'foo superuser': in my UNIX
experience, it's like the U.S. President: there's only one individual,
not a class. In fact, the Zope middleware package used to call it's all
powerful user 'superuser', but switched to 'administrator' for this very
reason. Yes, people where typing root passwords into webpages!
As to historical precedent: The account for the person who installs and
manages the database: that'd be the database administrator, DB admin,
or DBA. Surely you've heard of one? I find 'admin' or 'DBA' easy to type
(and in fact, is the term I use when discussing this person) If you use
superuser, there's always a moment of ambiguity, when I must decide from
context (or additional adjectives) if this is the postgresql or system
superuser (dare I say hash collision?)
>
> "Superuser" is short, easy to spell correctly, and has the right
> overtones for people familiar with Unix sysadmin duties. If you
> want to advocate a different term, try to pick one that retains
> at least some of those properties.
>
'Admin' is shorter, has just as long a precedent (or longer) than
superuser, has more of the _right_ connotations in the database community,
and none of the overloading concerning system priviliges that 'superuser'
has.
Ross
--
Open source code is like a natural resource, it's the result of providing
food and sunshine to programmers, and then staying out of their way.
[...] [It] is not going away because it has utility for both the developers
and users independent of economic motivations. Jim Flynn, Sunnyvale, Calif.
"Ross J. Reedstrom" <reedstrm@rice.edu> writes:
> 'Admin' is shorter, has just as long a precedent (or longer) than
> superuser, has more of the _right_ connotations in the database community,
> and none of the overloading concerning system priviliges that 'superuser'
> has.
"Admin" might work. Thinking about this some more, I realize that there
are three distinct concepts that we are fuzzing together. It might help
if we adopted different terms for:
* The actual *person* responsible for the database. Use in contexts
like "The DBA must make sure that ...". In some places we avoid this
by using the pronoun "you", but people often find that too informal.
* The Unix account ID under which the postmaster runs. The existing
docs mostly refer to this as "the postgres account", which is a problem
because one keeps wanting to add an asterisk to it ("* or whatever
account you are running the postmaster under").
* The one or more Postgres usernames that are marked "usesuper" in
pg_shadow. If we keep the term "superuser" it should be reserved
for this meaning.
regards, tom lane
On Mon, Jan 22, 2001 at 11:59:41AM -0500, Tom Lane wrote:
>
> "Admin" might work. Thinking about this some more, I realize that there
> are three distinct concepts that we are fuzzing together. It might help
> if we adopted different terms for:
>
> * The actual *person* responsible for the database. Use in contexts
> like "The DBA must make sure that ...". In some places we avoid this
> by using the pronoun "you", but people often find that too informal.
Right, the administrator, who uses the admin account.
>
> * The Unix account ID under which the postmaster runs. The existing
> docs mostly refer to this as "the postgres account", which is a problem
> because one keeps wanting to add an asterisk to it ("* or whatever
> account you are running the postmaster under").
This could be 'server account' or 'backend account', or 'daemon account',
although that last is even more poorly understood by the general public
that 'superuser' (it's a bird, it's a plane: no it's SuperUser!)
>
> * The one or more Postgres usernames that are marked "usesuper" in
> pg_shadow. If we keep the term "superuser" it should be reserved
> for this meaning.
>
Hmm, that reminds me: the pg superuser <-> unix superuser parallel is
flawed here as well: in traditional Unix practice, one doesn't grant
superuser privileges to any account other than root. Or if you do,
you do it via group membership, and call it the 'wheel' group.
It's true that trying to talk about this group of accounts while
disambiguating the person from the database account is the problem.
How about 'privileged account'? A little vague, I admit.
Actually, out biggest documentation headache is using 'account' for
both 'operating system user account' and 'database user account', and
making it clear which one is meant. This happens not only for the
superuser account, but the regular user acccounts as well.
Ross
"Ross J. Reedstrom" <reedstrm@rice.edu> writes:
> Actually, out biggest documentation headache is using 'account' for
> both 'operating system user account' and 'database user account', and
> making it clear which one is meant. This happens not only for the
> superuser account, but the regular user acccounts as well.
Yes, that is another source of confusion. One could even claim it's
the source of the superuser issue --- a Unix superuser and
a Postgres superuser aren't the same kind of user account, so there
would be no confusion if it were always perfectly clear which sort
of user you were talking about.
regards, tom lane
Tom Lane <tgl@sss.pgh.pa.us> wrote: > "Ross J. Reedstrom" <reedstrm@rice.edu> writes: >> Actually, out biggest documentation headache is using 'account' for >> both 'operating system user account' and 'database user account', and >> making it clear which one is meant. This happens not only for the >> superuser account, but the regular user acccounts as well. > Yes, that is another source of confusion. One could even claim it's > the source of the superuser issue --- a Unix superuser and > a Postgres superuser aren't the same kind of user account, so there > would be no confusion if it were always perfectly clear which sort > of user you were talking about. As a newbie, it would have been more perfectly clear to me if the manner of becoming superuser had been spelled out. Reason is, there are two ways to do it. In the beginning my user newsbird couldn't do su - postgres. Only root could. While I read what I could about how to initdb, create user, etc, there seemed to be several ways to do it. Of course, I did it wrong. There is one other more experienced person helping me, but we were both surprised when newsbird dropped the other users database created for testing. It wasn't supposed to happen of course. That test was meant to show me it couldn't happen. Well, then I had to go back and find out why it did and I ended up here, reading this. I already knew there were two superusers, one unix root, one postgres superuser. But in the beginning of setup it isn't clear whether root should do su - postgres or not. When newsbird couldn't do su - postgres, newsbird tried getting there through root. I note that different distributions of linux use different path/permissions/ownerships for postgres. His system is debian, mine suse. Perhaps that led to confusion. Certainly it would be useful to quickly view user privileges instead of having to test it the hard way. We don't want either newsbird or user2 to have privilege to destroy/drop databases, nor do we want either user to be able to create users. Appreciate your comments.